Adobe Patches Shockwave Security Flaws

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Adobe recently released version of its Shockwave Player, patching several vulnerabilities that could allow an attacker to run malicious code on an affected system.

"Numerous critical flaws in Shockwave, which could allow an attacker to inject malicious code into a system, have been closed by Adobe with the release of Shockwave Player for Windows and Macintosh systems," The H Security reports. "Overall, the vulnerabilities have six CVE numbers assigned to them (CVE-2012-4172, CVE-2012-4173, CVE-2012-4174, CVE-2012-4175, CVE-2012-4176, CVE-2012-5273) and are mostly buffer overflows with one array out of bounds vulnerability."

"The company said it is not aware of active exploits," notes Threatpost's Michael Mimoso.

"Before you try to update Shockwave, you should check to see if your system even has it installed," advises Krebs on Security's Brian Krebs. "If you visit this link and see a short animation, it should tell you which version of Shockwave you have installed. If it prompts you to download Shockwave, then you don’t have Shockwave installed and in all likelihood don’t need it. If you update or install Shockwave, be on the lookout for pre-checked 'extras;' my test installation of this update tried to foist a 30-day trial of Norton Internet Security."

Submit a Comment

Loading Comments...