* Adobe Shockwave Player version 18.104.22.1681 and prior
* Adobe Shockwave Player version 22.214.171.1242
These vulnerabilities are caused by memory corruptions, invalid index, and invalid pointer errors within the processing of malformed Shockwave content, which could allow attackers to execute arbitrary code via specially crafted web pages. Fully functional exploits are known to be publicly available for purchase and or subsequent download on the Internet. We recommend that you immediately patch your systems.
2009-07-17 - Vendor notified
2009-07-17 - Vendor response
2009-10-27 - Status update received
2009-11-03 - Coordinated public Disclosure