Site Archives Shockwave

Multiple Adobe Product Vulnerabilities

Posted on November 5th, 2010

GSA Reference Number: AD101105-01

Simply Put: Multiple Adobe products are vulnerable to some new high-risk remote code execution issues.  First off, Adobe Flash Player versions earlier than 10.1.85.3 have critical vulnerabilities that can be exploited by an attacker to take control of affected systems.  Adobe has released an update for Flash.  Second, Adobe Acrobat and Reader versions 9.4 and earlier are vulnerable to a similar issue because they implement Flash features through an authplay.dll file that can be called from a PDF.  Finally, Adobe Shockwave Player is vulnerable to attack through a remote code execution issue, as well.  There are no patches available for the Adobe Acrobat, Reader or Shockwave Player vulnerabilities.

Adobe Shockwave Player Vulnerability

Posted on June 25th, 2009

GSA Reference Number: AD090625-01

Simply Put: Adobe Shockwave Player, which is used by browsers to play Shockwave media, has a remote code execution vulnerability in version 11.5.0.596 and earlier versions.  Adobe has released a new player to address this vulnerability.  Unfortunately, the current Shockwave Player must be uninstalled before upgrading.  The uninstall requires a reboot.