1 Reply Latest reply on Nov 4, 2009 3:46 PM by Grif

    Adobe Shockwave Player Multiple Code Execution Vulnerabilities

      Vulnerable Systems:
        * Adobe Shockwave Player version 11.5.1.601 and prior

      Immune Systems:
        * Adobe Shockwave Player version 11.5.1.602

      These vulnerabilities are caused by memory corruptions, invalid index, and invalid pointer errors within the processing of malformed Shockwave content, which could allow attackers to execute arbitrary code via specially crafted web pages. Fully functional exploits are known to be publicly available for purchase and or subsequent download on the Internet. We recommend that you immediately patch your systems.

      Disclosure Timeline:
      2009-07-17 - Vendor notified
      2009-07-17 - Vendor response
      2009-10-27 - Status update received
      2009-11-03 - Coordinated public Disclosure