Mon, Jun 29, 2009
Significant vulnerability in Adobe Shockwave; update available.
Adobe has reported a significant vulnerability in Adobe Shockwave Player
version 11.5.0.596 and earlier. The vulnerability allows an attacker to
create a malicious Shockwave file which, when viewed in an affected version
of Shockwave Player, runs arbitrary commands of the attacker's choice on
the machine running the player. Because Shockwave Player is available as a
plug-in for web browsers, an attacker can exploit any web browser using a
vulnerable version of the player by making a malicious Shockwave file
available on a web site and luring the user of the web browser to that site.
The flaw is fixed in Shockwave Player version 11.5.0.600 and later; please update any installations of Shockwave Player accordingly by going to the website http://get.adobe.com/shockwave/. For more information, see http://www.adobe.com/support/security/bulletins/apsb09-08.html.