Adobe Systems Inc. is warning customers about a critical flaw in Shockwave Player that could be used by an attacker to take complete control of a victim's machine.
The flaw is in Adobe Shockwave Player 22.214.171.1246 and earlier versions. An error occurs when the player processes Shockwave Player 10 content and can be exploited to corrupt memory via a specially crafted Adobe Director file.
Adobe is urging users to uninstall versions prior to 126.96.36.1990, restart their system and install version 188.8.131.520.
Danish vulnerability clearinghouse Secunia gave the flaw a highly critical rating. So far there have been no reports of exploits in the wild.
The vulnerability was discovered by security researcher Paul Kurczaba and reported to TippingPoint's Zero Day Initiative.