Exploit published for unpatched Adobe Shockwave vulnerability

Adobe has issued a security advisory to confirm the vulnerability and warn that the public attack code could provide a roadmap for malicious hackers to take complete control of a vulnerable computer.

A security researcher has released an exploit for an unpatched security vulnerability in Adobe's Shockwave Player, warning that the flaw could be targeted to launch drive-by malware download attacks.

Adobe has issued a security advisory to confirm the vulnerability and warn that the public attack code could provide a roadmap for malicious hackers to take complete control of a vulnerable computer.

Adobe rates the issue as "critical" and says the vulnerability affects Shockwave Player 11.5.8.612 and earlier versions for Windows and Mac OS X.

follow Ryan Naraine on twitter

A critical vulnerability exists in Adobe Shockwave Player 11.5.8.612 and earlier versions on the Windows and Macintosh operating systems. This vulnerability (CVE-2010-3653) could cause a crash and potentially allow an attacker to take control of the affected system.

While details about the vulnerability have been disclosed publicly, Adobe is not aware of any attacks exploiting this vulnerability at this time.

Adobe did not say when a patch would be made available.

The company did not offer any pre-patch mitigations but said it was actively sharing information about this vulnerability (and vulnerabilities in general) with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available.

Technical details on the vulnerability can be found here.

The vulnerability appears eerily similar to this issue that was patched in August but Adobe security chief Brad Arkin says they appear unrelated.  Adobe is still conducting triage on the bug.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All