Adobe Systems Inc. released software updates Tuesday that address high priority vulnerabilities in several of its multimedia products.
The San Francisco-based vendor said flaws in its Flash Player, Breeze Meeting Add-In, Shockwave Player and Flash Debut Player could allow an attacker to take control of affected systems.
In order for the vulnerability to be exploited, Adobe said, a malicious Shockwave Flash object (.swf) file must be loaded by a user. The specific software versions affected include:
- Flash Player versions 220.127.116.11 and earlier
- Breeze Meeting Add-In Version 5.1 and earlier
- Shockwave Player version 10.1.0.11 and earlier
- Flash Debug Player version 18.104.22.168 and earlier
Abobe's bulletin stated that the vulnerabilities could be accessed through content delivered from a remote location via the user's Web browser, e-mail client or other applications that make use of Flash Player.
The vendor rates the severity of the flaws as critical, and recommends affected users update immediately to newly available versions of its software, which can be downloaded via its Web site.
Adobe credited Microsoft for reporting the vulnerabilities.
These new fixes come just a few weeks after Adobe patched a critical Shockwave flaw that resided in the player's ActiveX installer.