Adobe Releases Security Patches for Shockwave Player

Adobe Systems recently (November 4, 2009), issued an update to patch vulnerabilities in its Shockwave Player and suggested users that they should install new version 11.5.2.602 as a guard against online assaults exploiting the flaws.

By assigning a "critical" rating to the update, Adobe made the security bulletin one of highest priority for flaws, which (if exploited) could let surreptitious execution of remote code by a hacker on a user's computer.

Moreover, the update addresses four different security flaws of which three relate to string length, pointer and invalid index issues that could let the execution of remote code, while the fourth one relates to an issue of boundary condition with which an attacker could create a Denial-of-Service situation.

Describing Shockwave Player, Adobe said - it displays content developed by the company's Director Program. This program presents sophisticated devices for creating Flash and other interactive content. The Director Program also helps to create high-quality images, 3D models and long-form or full-screen digital content, and allows more control over them in terms of the method of their display. Earlier during July 2009, Adobe had released an update to mend its Shockwave Player.

It has been noticed that hackers often target security flaws in third-party software. With flaws in Windows abating, hackers are searching for problems in third-party applications for exploitation and subsequent compromise of computers.

Besides, Adobe's programs are often attacked because of their wide acceptance. Thus, applications like Acrobat and Reader, and Flash have been exploited many times to take control of PCs.

However, Adobe suggests that people using Shockwave Player 11.5.1.601 and previous editions upgrade to version 11.5.2.602 because hackers could exploit Player's vulnerabilities to compromise system when a user goes to a malware ridden website through Firefox or Internet Explorer.

During June 2009, Adobe patched a similar flaw, which could lead to compromise of an affected system. Consequently, it required Shockwave Player to be wholly un-installed, system rebooted and version 11.5.0.600 re-installed. Later in July 2009, patches for three more vulnerabilities were issued after the discovery of problem in the Active Template Library of Microsoft.

Related article: Adobe Rates Acrobat Vulnerabilities “Critical”

» SPAMfighter News - 11/19/2009