May 19, 2020

Adobe patches 11 holes in Shockwave Player

Critical vulnerabilities have been identified in Adobe Shockwave Player and earlier versions on the Windows and Macintosh operating systems. These vulnerabilities, including CVE-2010-3653, referenced in Security Advisory APSA10-04, could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player and earlier versions update to Adobe Shockwave Player using the instructions provided below.

Read the full story here.

Source:[Adobe Website]

Zero-day exploit for Adobe Shockwave

A Windows exploit for a previously undisclosed hole in Adobe’s Shockwave player has been released. The demonstration version of the the exploit merely opens the Windows calculator when a specially crafted web page is accessed. However, criminals could exploit the hole to infect a PC with malware. The exploit currently only works under Windows XP SP3 and just triggered a browser crash when tested with Windows 7 and Internet Explorer by the The H’s associates at heise Security.

Read the full story here.