Adobe warns of critical Shockwave Flash Player zero-day

The vulnerability could be exploited by an attacker to cause a crash and take control of a victim's system.

Adobe Systems Inc. issued an advisory, Thursday, warning about a critical zero-day vulnerability in Shockwave Player

that could cause the program to crash and enable an attacker to take complete control of a victim's system.

Adobe said it was not aware of any attacks exploiting the vulnerability, but security experts said Thursday that exploit code targeting the new zero-day has surfaced. The zero-day flaw affects Adobe Shockwave Player and earlier versions running on Windows and Mac OS X.

"We are currently working on determining the schedule for an update to address this vulnerability in Adobe Shockwave Player," Adobe said in its security advisory.

The vulnerability was disclosed by researchers at Abysssec, a security consultancy that does penetration testing, reverse engineering and coding projects. In an advisory, the firm said an attacker could remotely exploit the Shockwave Player memory corruption error. The flaw is in the way the player's plug-in loads Adobe Director video files.

Abyssec said security protections in Windows 7 and Windows Vista would not protect users.

Danish vulnerability clearinghouse Secunia rated the vulnerability "extremely critical." In its advisory, Secunia said the Shockwave Player flaw is due to an array-indexing error.

- Robert Westervelt

Dig deeper on Securing Productivity Applications



Enjoy the benefits of Pro+ membership, learn more and join.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: