Critical flaws haunt Adobe Shockwave Player

Summary: The vulnerabilities affect Adobe Shockwave Player 11.5.2.602 and earlier versions, on the Windows and Mac operating systems.

Adobe's run on the patching treadmill continued this week with a "critical" update to fix a pair of code execution holes in its Shockwave Player.

The vulnerabilities affect Adobe Shockwave Player 11.5.2.602 and earlier versions, on the Windows and Mac operating systems. 

According to an Adobe advisory, an attacker who successfully exploits the vulnerabilities could run malicious code on the affected system.

  • This update resolves a buffer overflow vulnerability that could potentially lead to code execution (CVE-2009-4002).
  • This update resolves multiple integer overflow vulnerabilities that could potentially lead to code execution (CVE-2009-4003).

Adobe recommends Shockwave Player users uninstall Shockwave version 11.5.2.602 and earlier on their systems, restart their systems, and install Shockwave version 11.5.6.606.

Adobe says more than 450 million Internet-enabled desktops have installed Adobe Shockwave Player.

Talkback

39 comments
  • again, Linux is fine, only windoze is affected

    same story every day, even when the main culprit is not M$!
    What are you waiting for people?
    Linux Geek
    • Guess what?

      Windows is safe from this... if they did not install the crapware called Shockwave ;)


      PS: btw like Linux is unsafe if you keep logged in as root to navigate through the internets...
      Ceridan
    • Wrong!

      You could be attacked even if you use Linux;
      simply install VMWare and install Windows in it.


      Problem created.
      AzuMao
      • You forgot to add

        CanSecWest. Linux was put down faster there than with consumers that put down systems when netbooks shipped on them.
        Joe_Raby
        • Are you referring to..

          ..this (http://www.gadgetell.com/tech/comment/vista-falls-linux-pwns-this-years-cansecwest/)?
          AzuMao
  • HOW?

    How did we let Adobe's products become so ubiquitous on the Internet? Their products seem to be the gateway into our PC kingdoms. Adobe products are my BIGGEST patching headache of the past 2 years, hands down!!
    bmgoodman
  • Who uses Shockwave anymore?

    The only time I see Shockwave on computers is when it's preloaded. I never see users actually use or choose to install Shockwave. Flash, sure. But not Shockwave. I guess this is another case of a "if it's on the computer, why remove it?" scenario with uninformed users, much like the Flash 6 security issues with XP.

    Didn't Adobe abandon Shockwave in favour of AIR anyway?
    Joe_Raby
    • Hmm...

      "The only time I see Shockwave on computers is
      when it's preloaded. I never see users actually
      use or choose to install Shockwave. Flash, sure.
      But not Shockwave. I guess this is another case of
      a 'if it's on the computer, why remove it?'
      scenario with uninformed users,"

      Much like Windows coming preloaded on most
      computers.
      AzuMao
      • The difference is they choose not to buy computers with Linux

        It's the reason why netbook sales exploded in the past year - Windows. Not Linux.
        Joe_Raby
        • The difference is I choose to WIPE XP, and install Linux

          'Got my netbook on Friday. Friday evening XP was gone and Ubuntu 9.10 was on it. No issues at all. Everything works, even my USB Verizon highspeed internet connection thru the cellular system.

          I think I'll stay with Linux.
          tombutler
        • Because there aren't any, usually.

          And the few stores that do offer any, sell them
          for more than the Windows ones due to anti-
          competitive pressure from Microsoft, despite the
          fact that they are actually cheaper for the OEMs
          due to not needing licenses.
          AzuMao
          • got any evidence

            that it's anti-competitive pressure from MS, and not a lack of consumer interest?

            Keep in mind MS is still under anti-trust regulation, any hint of OEM pressure would be investigated.
            rtk
          • Evidence..

            ..you mean like this (http://www.justice.gov/atr/cases/f0000/0046.htm)?

            Such behavior from Microsoft is nothing new and had been long since established as common knowledge, I thought.
            AzuMao
          • past behavior

            maybe you didn't know the trial is long over? Judge Colleen Kollar-Kotelly believes such behavior from Microsoft is old news.
            rtk
          • That wasn't the last incident :p it was the first.

            They've (http://lists.essential.org/info-policy-notes/msg00005.html)
            continued (http://www.kuro5hin.org/story/2001/10/23/13219/110)


            edit: whoops, should have followed my own advice about reading things thoroughly before citing them. Sorry about that :<
            AzuMao
          • Last two links disprove your claim

            Dell offers Ubuntu, so obviously they're under no anti-competitive pressure to not offer Linux, or at least not effective pressure.

            Both the last links claim to come up with the license cost of windows, what's that got to do with your claim?
            rtk
  • Yikes!

    Adobe software? Unsafe? Who would've guessed!

    Thanks so much for warning us about this news.
    AzuMao
  • Flash and Shockwave are the worst things that ever happened to the internet

    Both pieces of crapware are bloated, slow and full of security holes. Both are used to do things that are obnoxious and annoying. They lock up content and code in a proprietary cage and make it difficult, if not impossible, to jailbreak. If it can't be done using HTML and scripting then it shouldn't be on a web page.
    sismoc
    • Right on!

      Exactly!

      Only ActiveX is worse -- all of the above plus locked to Windows and Internet Exploder, er, Explorer.

      Firefox, NoScript, and Flashblock are the only things that keep me sane with Windows internet usage.
      wkulecz
    • Adobe can't even be bothered to provide 64-bit.

      For 64-bit Linux you have to take a 32-bit Flash Player and put a 64-bit wrapper around it. Adobe are a useless company and deserve to fade away.
      peter_erskine@...