Adobe Systems Inc. is warning customers about a critical flaw in Shockwave Player that could be used by an attacker to take complete control of a victim's machine.
The flaw is in Adobe Shockwave Player 220.127.116.116 and earlier versions. An error occurs when the player processes Shockwave Player 10 content and can be exploited to corrupt memory via a specially crafted Adobe Director file.
Adobe is urging users to uninstall versions prior to 18.104.22.1680, restart their system and install version 22.214.171.1240.
Danish vulnerability clearinghouse Secunia gave the flaw a highly critical rating. So far there have been no reports of exploits in the wild.
The vulnerability was discovered by security researcher Paul Kurczaba and reported to TippingPoint's Zero Day Initiative.