23 October 2012, 17:09
Adobe fixes critical Shockwave vulnerabilities
Numerous critical flaws in Shockwave, which could allow an attacker to inject malicious code into a system, have been closed by Adobe with the release of Shockwave Player 11.6.8.638 for Windows and Macintosh systems. Overall, the vulnerabilities have six CVE numbers assigned to them (CVE-2012-4172, CVE-2012-4173, CVE-2012-4174, CVE-2012-4175, CVE-2012-4176, CVE-2012-5273) and are mostly buffer overflows with one array out of bounds vulnerability.
Adobe has said that the update is a priority 2 issue. The company recommends users update their installations as soon as is possible, but notes there are no known Shockware exploits in the wild for these flaws.
(djwm)
Print Version | Send by email
| Permalink: http://h-online.com/-1735371
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
