More Adobe issues, back to the latest Shockwave player update now!

Gary · Nov 03, 2010, 15:51:36

Secunia Quote Description
"Krystian Kloskowski has discovered a vulnerability in Shockwave Player, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a use-after-free error in an automatically installed compatibility component as a function in an unloaded library may be called.

Successful exploitation allows execution of arbitrary code, but requires that a user is tricked into opening the "Shockwave Settings" window when viewing a web page.

The vulnerability is confirmed in version 11.5.9.615. Other versions may also be affected.

Solution
Do not open the "Shockwave Settings" window when viewing Shockwave content."

http://secunia.com/advisories/42112

Rik · Nov 03, 2010, 15:58:18

Bring back plain old HTML.

Gary · Nov 03, 2010, 16:02:20

Quote from: Rik on Nov 03, 2010, 15:58:18
Bring back plain old HTML.

Adobe is getting to be like the seventh bridge, just as you thinks its all done you have to start again. They hope to have a patch out tomorrow according to their blog http://www.adobe.com/support/security/advisories/apsa10-05.html for Flash Player, the 9th for Android, not sure when it said for Adobe Reader, and now Shockwave which was patched last week needs patching again

Rik · Nov 03, 2010, 16:05:21

And again, and again.

Gary · Nov 03, 2010, 16:09:14

Quote from: Rik on Nov 03, 2010, 16:05:21
And again, and again.

It seems to me you are safe just not using Adobe full stop. Thing is we need HTML5 to catch on a bit faster really, or Adobe to look at their code more closely

Rik · Nov 03, 2010, 16:16:57

Better yet, Adobe should get back to their core graphics products.

More Adobe issues, back to the latest Shockwave player update now!

Gary

Rik

Gary

Rik

Gary

Rik