Ravens PHP Scripts

Shockwave Player Arbitrary Code Execution Vulnerability
Date: Wednesday, June 24, 2009 @ 20:12:51 PDT
Topic: Security


SECUNIA ADVISORY ID: SA35544

VERIFY ADVISORY: http://secunia.com/advisories/35544/

CRITICAL: Highly Critical

DESCRIPTION: A vulnerability has been reported in Shockwave Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is reported in versions prior to 11.5.0.600. The vulnerability is caused due to an unspecified error when processing Shockwave Player 10 content and can be exploited to execute arbitrary code.

SOLUTION: Uninstall versions prior to 11.5.0.600, restart the system, and install version 11.5.0.600: http://get.adobe.com/shockwave/

PROVIDED AND/OR DISCOVERED BY: The vendor credits Paul Kurczaba, reported via ZDI.

ORIGINAL ADVISORY: http://www.adobe.com/support/security/bulletins/apsb09-08.html








This article comes from Ravens PHP Scripts
http://www.ravenphpscripts.com

The URL for this story is:
http://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3624