December 3, 2016

Adobe Releases Critical Security Bulletins for Shockwave, Flash Media Server and Photoshop

(LiveHacking.Com) – Following Google’s update of Chrome to include a new version of Adobe Flash Player,  Adobe has now released additional  security bulletins listing critical and important vulnerabilities in multiple products including Shockwave, Flash Media Server and Photoshop. The full list is:

  • Adobe Shockwave Player 11.6.0.626 and earlier versions on the Windows and Macintosh operating systems
  • Adobe Flash Media Server 4.0.2 and earlier versions
  • Adobe Flash Media Server 3.5.6 and earlier versions for Windows and Linux
  • Adobe Photoshop CS5 and CS5.1 and earlier for Windows and Macintosh
  • RoboHelp 9.0.1.233 and earlier, RoboHelp 8, RoboHelp Server 9, and RoboHelp Server 8

Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, take control of an affected system, or perform a cross-site scripting attack.

Memory corruptions

With the exception of RoboHelp, all the patches fix memory corruptions which if exploited could lead to execute arbitrary code. For example, the vulnerability in Photoshop CS5 and CS5.1, for Windows and Macintosh, could be exploited with a malicious .GIF file when it is opened in Photoshop by the user.