Adobe Systems Inc. is warning customers about a critical flaw in Shockwave Player that could be used by an attacker to take complete control of a victim's machine.
The flaw is in Adobe Shockwave Player 18.104.22.1686 and earlier versions. An error occurs when the player processes Shockwave Player 10 content and can be exploited to corrupt memory via a specially crafted Adobe Director file.
Adobe is urging users to uninstall versions prior to 22.214.171.1240, restart their system and install version 126.96.36.1990.
Danish vulnerability clearinghouse Secunia gave the flaw a highly critical rating. So far there have been no reports of exploits in the wild.
The vulnerability was discovered by security researcher Paul Kurczaba and reported to TippingPoint's Zero Day Initiative.