Adobe fixes critical Macromedia flaws

Flash, Shockwave and other multimedia products could leave systems vulnerable to attack via a malicious Shockwave Flash object file. The vendor recommends users update immediately.

Adobe Systems Inc. released software updates Tuesday that address high priority vulnerabilities in several of its multimedia products.

The San Francisco-based vendor said flaws in its Flash Player, Breeze Meeting Add-In, Shockwave Player and Flash Debut Player could allow an attacker to take control of affected systems.

In order for the vulnerability to be exploited, Adobe said, a malicious Shockwave Flash object (.swf) file must be loaded by a user. The specific software versions affected include:

  • Flash Player versions and earlier
  • Breeze Meeting Add-In Version 5.1 and earlier
  • Shockwave Player version and earlier
  • Flash Debug Player version and earlier

Abobe's bulletin stated that the vulnerabilities could be accessed through content delivered from a remote location via the user's Web browser, e-mail client or other applications that make use of Flash Player.

The vendor rates the severity of the flaws as critical, and recommends affected users update immediately to newly available versions of its software, which can be downloaded via its Web site.

Adobe credited Microsoft for reporting the vulnerabilities.

These new fixes come just a few weeks after Adobe patched a critical Shockwave flaw that resided in the player's ActiveX installer.

Dig deeper on Web Application Security



Enjoy the benefits of Pro+ membership, learn more and join.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: