Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:22092
HistoryJun 27, 2009 - 12:00 a.m.

Security Update available for Shockwave Player

2009-06-2700:00:00
vulners.com
8
JSON

Security Update available for Shockwave Player

Release date: June 23, 2009

Vulnerability identifier: APSB09-08

CVE number: CVE-2009-1860

Platform: Windows
Summary

A critical vulnerability has been identified in Adobe Shockwave Player 11.5.0.596 and earlier versions. This vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected system. Adobe has provided a solution for the reported vulnerability. It is recommended that users update their installations using the instructions provided below.
Affected software versions

Shockwave Player 11.5.0.596 and earlier versions
Solution

Adobe recommends Shockwave Player users on Windows uninstall Shockwave version 11.5.0.596 and earlier on their systems, restart, and install Shockwave version 11.5.0.600, available here: http://get.adobe.com/shockwave/.
Severity rating

Adobe categorizes this as a critical update and recommends that users apply the update for their product installations.
Details

A critical vulnerability has been identified in Adobe Shockwave Player 11.5.0.596 and earlier versions. This vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected system. Adobe has provided a solution for the reported vulnerability (CVE-2009-1860). This issue was previously resolved in Shockwave Player 11.0.0.465; the Shockwave Player 11.5.0.600 update resolves a backwards compatibility mode variation of the issue with Shockwave Player 10 content. To resolve this issue, Shockwave Player users on Windows should uninstall Shockwave version 11.5.0.596 and earlier on their systems, restart, and install Shockwave version 11.5.0.600, available here: http://get.adobe.com/shockwave/. This issue is remotely exploitable.
Acknowledgments

Adobe would like to thank Paul Kurczaba reporting through TippingPoint’s Zero Day Initiative (CVE-2009-1860) for reporting this vulnerability and for working with Adobe to help protect our customers’ security.

Related

securityvulns 2
threatpost 1
prion 2
nessus 1
cve 2
zdi 1
openvas 2
seebug 1
checkpoint_advisories 1
securityvulns
securityvulns
ZDI-09-044: Adobe Shockwave Player Director File Parsing Pointer Overwrite Vulnerability
2009-06-27 00:00:00
Adobe Shockwave Player memory corruption
2009-06-27 00:00:00
threatpost
threatpost
Adobe Fixes Critical Shockwave Vulnerability
2009-06-24 10:11:41
prion
prion
Code injection
2009-06-25 01:30:00
Design/Logic Flaw
2009-06-25 01:30:00
nessus
nessus
Shockwave Player Crafted Director File Handling Remote Code Execution (APSB09-08)
2009-06-28 00:00:00
cve
cve
CVE-2009-1860
2009-06-25 01:30:00
CVE-2009-2186
2009-06-25 01:30:00
zdi
zdi
Adobe Shockwave Player Director File Parsing Pointer Overwrite Vulnerability
2009-06-24 00:00:00
openvas
openvas
Adobe Shockwave Player Remote Code Execution Vulnerability
2009-06-30 00:00:00
Adobe Shockwave Player Remote Code Execution Vulnerability
2009-06-30 00:00:00
seebug
seebug
Adobe Shockwave Player Director文件解析远程代码执行漏洞
2009-06-25 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Shockwave Player Pointer Memory Overwrite (APSB09-08; CVE-2009-1860)
2009-06-23 00:00:00
JSON
Related for SECURITYVULNS:DOC:22092
securityvulns2threatpost1prion2nessus1cve2zdi1openvas2seebug1checkpoint_advisories1