Adobe
All of the flaws can allow remote code execution

Adobe patches five critical Shockwave flaws

Users urged to upgrade as soon as possible

Iain Thomson in San Francisco

V3.co.uk, 06 Nov 2009

Adobe has issued a bundle of security patches to fix five critical flaws in its Shockwave media player.

The company has not said whether any exploits have been spotted in the wild, but is urging the millions of Shockwave users to upgrade to version 11.5.2.602 immediately.

Advertisement

Four of the five flaws, all of which can allow remote code execution, were discovered by researchers at vulnerability research company VUPEN Security.

"We discovered four critical vulnerabilities affecting Adobe Shockwave Player, a technology installed on 450 million internet-enabled desktops," the firm said.

"These issues, reported to Adobe a few weeks ago, are caused due to memory corruption and invalid pointer and index errors when processing malformed Shockwave content.

"They could be exploited to remotely compromise a vulnerable system when a user visits a specially crafted web page, e.g. using Internet Explorer or Firefox."

The fifth flaw is a boundary condition issue that could lead to a denial of service problem with the software.

Adobe has pledged to reduce the amount of time it takes to patch flaws from months to weeks, and the speed of delivery of this update suggests that the target is being met.

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Do you agree?

Have your say on this article

Further reading

Mozilla Firefox

Mozilla posts Firefox 3.5.4 update

New release addresses stability and security flaws

Oracle

Oracle to roll out huge patch update

38 fixes across hundreds of products

Adobe slips out major security update

Company releases 29 patches for Reader and Acrobat

Microsoft delivers hefty load for Patch Tuesday

34 flaws patched in latest monthly update

Related whitepapers

Related jobs

Most watched

iPhone

Video Review: iPhone 3GS

We put Apple's latest iPhone through its paces

V3.co.uk weekly debrief, 5 Feb 2010

This week we cover the continuing controversy surrounding the Orange T-Mobile deal

More video

Analysis and Reports

Using managed services to protect mobile data users from the latest security threats

Counting the cost of data security: the benefits of secured mobile services

Shifting Disaster Recovery targets with SharePoint and SQL server configurations

Using a hostbased recovery system for mission-critical systems

Poll

Adobe Flash poll

Adobe Flash poll

Do you agree with Steve Jobs about Flash being buggy?

View poll results

Advertisement

White paper library

Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

  • More available - 'submit' to view

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Advertisement

Spotlight

Windows 7

Microsoft denies Windows 7 battery problems

Replacement warning functioning normally, claims software giant

Safer Internet Day

Safer Internet Day highlights online threats

Annual initiative warns of phishing, ID theft and social network...

AMD Fusion

AMD details Fusion innovations at ISSCC

Forthcoming chip with four CPU and one GPU cores will...

MSI Wind U135

Review: MSI Wind U135 netbook

A decent netbook incorporating the latest Intel technology in a...

Primary Navigation