Adobe Shockwave Player Vulnerability

Posted on June 25th, 2009 by Ryan Spanier

GSA Reference Number: AD090625-01

Simply Put: Adobe Shockwave Player, which is used by browsers to play Shockwave media, has a remote code execution vulnerability in version 11.5.0.596 and earlier versions.  Adobe has released a new player to address this vulnerability.  Unfortunately, the current Shockwave Player must be uninstalled before upgrading.  The uninstall requires a reboot.

Vulnerability Details: The attack occurs when a user opens a malicious Shockwave document in a web browser.  Shockwave media includes online games and educational content; it is similar to Adobe Flash, but more complex.  The vulnerability requires a user to visit or be redirected to a malicious website.  Once there, the website can use a malicious Shockwave file to execute code remotely on the victim’s PC.  No further user interaction is required.

Countermeasures: Gladiator recommends that users install the patch from Adobe as soon as possible to mitigate the risks from this vulnerability.  The patch is available in the Adobe Security Bulletin below.  Please note that users must uninstall the current version, reboot, and then install the new version before they are considered fully patched.
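To find machines that still need the uninstall, reboot and reinstall cycle, the following added example (not part of the original advisory or any Adobe tooling) audits a software inventory export against the affected version stated above. The CSV layout, host names and version values in the sample are constructed assumptions; the advisory does not name the fixed build, so anything newer than 11.5.0.596 is treated as patched.

```python
import csv
import io

# Last affected version, taken from the advisory text.
LAST_AFFECTED = (11, 5, 0, 596)

# Constructed sample inventory (hypothetical export format: host,product,version).
SAMPLE_INVENTORY = """host,product,version
ws-001,Adobe Shockwave Player,11.5.0.596
ws-002,Adobe Shockwave Player,11.0.3.471
ws-003,Adobe Shockwave Player,11.5.0.596
ws-003,Adobe Shockwave Player,11.5.0.999
ws-004,Adobe Shockwave Player,11.5.0.999
ws-005,Adobe Shockwave Player,11.5r596
ws-006,Adobe Flash Player,10.0.22.87
"""

RANK = {"ok": 0, "review": 1, "affected": 2}


def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not dotted-numeric."""
    parts = text.strip().split(".")
    if len(parts) > 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))  # pad "11.5" to 11.5.0.0


def audit(inventory_csv):
    """Map each host with a Shockwave entry to 'affected', 'review' or 'ok'."""
    status = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if "shockwave" not in row["product"].lower():
            continue  # other products are out of scope for this advisory
        version = parse_version(row["version"])
        if version is None:
            result = "review"  # unparseable version string: check by hand
        elif version <= LAST_AFFECTED:
            result = "affected"
        else:
            result = "ok"
        # Worst result wins: a leftover old install keeps the host flagged.
        if RANK[result] >= RANK.get(status.get(row["host"]), -1):
            status[row["host"]] = result
    return status


if __name__ == "__main__":
    for host, result in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {result}")
```

A host such as ws-003, which reports both an old and a new entry, stays flagged because the advisory treats a machine as fully patched only after the old version has been uninstalled.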

Reference Links:
