Wednesday, January 20, 2010

Another Adobe problem, this time it's the Shockwave Player

News today of another Adobe problem, only this time it's the Shockwave Player.  This is different from the Flash Player.  If you have it, Adobe says to uninstall it, REBOOT, and then install the new one.  I say just uninstall it -- most likely you don't need it unless you play online games that require it.

Critical flaws haunt Adobe Shockwave Player | Zero Day | ZDNet.com
Adobe’s run on the patching treadmill continued this week with a “critical” update to fix a pair of code execution holes in its Shockwave Player.

The vulnerabilities affect Adobe Shockwave Player 11.5.2.602 and earlier versions, on the Windows and Mac operating systems.

According to an Adobe advisory, an attacker who successfully exploits the vulnerabilities could run malicious code on the affected system.

* This update resolves a buffer overflow vulnerability that could potentially lead to code execution (CVE-2009-4002).
* This update resolves multiple integer overflow vulnerabilities that could potentially lead to code execution (CVE-2009-4003).

Adobe recommends Shockwave Player users uninstall Shockwave version 11.5.2.602 and earlier on their systems, restart their systems, and install Shockwave version 11.5.6.606.

No comments: