All the latest UK technology news, reviews and analysis

Adobe patches five critical Shockwave flaws

by Iain Thomson

More from this author

06 Nov 2009

Be the first to comment

  • Tweet this
Adobe
All of the flaws can allow remote code execution

Adobe has issued a bundle of security patches to fix five critical flaws in its Shockwave media player.

The company has not said whether any exploits have been spotted in the wild, but is urging the millions of Shockwave users to upgrade to version 11.5.2.602 immediately.

Further reading

Four of the five flaws, all of which can allow remote code execution, were discovered by researchers at vulnerability research company VUPEN Security.

"We discovered four critical vulnerabilities affecting Adobe Shockwave Player, a technology installed on 450 million internet-enabled desktops," the firm said.

"These issues, reported to Adobe a few weeks ago, are caused due to memory corruption and invalid pointer and index errors when processing malformed Shockwave content.

"They could be exploited to remotely compromise a vulnerable system when a user visits a specially crafted web page, e.g. using Internet Explorer or Firefox."

The fifth flaw is a boundary condition issue that could lead to a denial of service problem with the software.

Adobe has pledged to reduce the amount of time it takes to patch flaws from months to weeks, and the speed of delivery of this update suggests that the target is being met.

Do you agree?

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Security

german flag

Germany backs away from ACTA

Related white papers

Related articles

Related jobs

Today's top stories

heartvalentinesday

Top 10 Valentine's Day technology matches made in heaven

Microsoft Windows 8 start screen

Microsoft talks up Windows 8 for ARM hardware

Security enhancements will be added with the Chrome 17 update

Chrome for Android hands on review

Poll

IT priorities for 2012

What is the most important IT priority for your company this year?

99%

0%

1%

0%

0%

Features

V3 and The INQUIRER editor Madeline Bennett

BBC and Sky News show tough love with Twitter policies

V3's Rosalie Marshall

World indulges in a Facebook facts fest as firm prepares to float

facebook-new

Top five most interesting figures from Facebook’s IPO

Khidr headshot

Intel will prove Steve Jobs wrong in the mobile market

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Accurev

Top 5 software development challenges

This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes

Talend

Rubbish in, rubbish enterprise

Why good data management at all levels is essential in the modern business (video, 6mins)

Technology jobs

Systems Analyst - Project Lead - Chelmsford - £50k-55K+Bens

Systems Analyst - Project Lead - Chelmsford, Essex...

Windows Systems Engineer (Windows Log File, Syslog) learn SIEM

Windows Systems Engineer (Windows Log File, Syslog) learn...

PHP Developer - Zend, MVC

Role: MVC PHP Developer Location: London, Central...

Senior Web Developer / Engineer (HTML, JavaScript, CSS)

Title: Senior Web Developer / Engineer (HTML, JavaScript...

To send to more than one email address, simply separate each address with a comma.