Adobe Releases Patch for Shockwave PlayerAdobe Systems has recently issued a security patch that repairs a critical flaw in its Shockwave Player, the company reported through a blog post on June 23, 2009. The product (Shockwave Player) is used to display the content created using Adobe's Director Application, which presents sophisticated devices for the development of interactive content such as Flash. The Director program also helps to create high-quality images, 3D models and long-form or full-screen digital content. It gives more control over the display of the elements. Security researchers have said that the flaw makes an impact on Adobe Shockwave Player 11.5.0.596 and its older versions. However, according to the advisory from Adobe, there is no detail description of the vulnerability although its severity is evident. Meanwhile, a successful exploitation of the flaw could let a remote hacker fully compromise a vulnerable computer. This control over the PC is perhaps within the logged-in end-user's circumstances. Therefore, if any user operates with fewer privileges, then a hacker could only do less harm. The attack occurs with a maliciously created Shockwave .DCR file. Moreover, it is not enough to just install the new version of Shockwave Player but one needs to uninstall the previous version and reboot the system prior to installing the updated one. According to the advisory, a much older edition of the Shockwave Player 11.0.0.465 took care of the problem, but a "backwards compatibility method variation" was found regarding the issue with Shockwave Player 10 content. The first time the vulnerability was revealed it was through the Tipping Point ZDI (Zero Day Initiative), which works with ZDI paying a fee to the researcher to do an analysis of the vulnerability and ZDI subsequently retaining the details until a patch becomes available. During May 2009, Adobe declared it was all set to conduct a detail examination of the traditionally brought down code in Reader and Acrobat following hackers' exploitation of the perilous flaws. The organization further said it would regularly issue patches in every interval of three months, while the day of release would be the month's second Tuesday. Related article: Adobe Rates Acrobat Vulnerabilities “Critical” » SPAMfighter News - 7/8/2009 |    |
Dear Reader
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!
 |  |
