Article

Adobe warns of critical Shockwave Flash Player zero-day

SearchSecurity.com Staff

Adobe Systems Inc. issued an advisory, Thursday, warning about a critical zero-day vulnerability in Shockwave Player that could cause the program to crash and enable an attacker to take complete control of a victim's system.

Adobe said it was not aware of any attacks exploiting the vulnerability, but security experts said Thursday that exploit code targeting the new zero-day has surfaced. The zero-day flaw affects Adobe Shockwave Player 11.5.8.612 and earlier versions running on Windows and Mac OS X.

"We are currently working on determining the schedule for an update to address this vulnerability in Adobe Shockwave Player," Adobe said in its

    Requires Free Membership to View

security advisory.

The vulnerability was disclosed by researchers at Abysssec, a security consultancy that does penetration testing, reverse engineering and coding projects. In an advisory, the firm said an attacker could remotely exploit the Shockwave Player memory corruption error. The flaw is in the way the player's plug-in loads Adobe Director video files.

Abyssec said security protections in Windows 7 and Windows Vista would not protect users.

Danish vulnerability clearinghouse Secunia rated the vulnerability "extremely critical." In its advisory, Secunia said the Shockwave Player flaw is due to an array-indexing error.

- Robert Westervelt


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: