Adobe has issued a patch bundle that fixes five critical flaws in its Shockwave player. Skip related content
The company is urging the millions of Shockware users to upgrade immediately, although it has not said if any exploits have been spotted in the wild. Four of the five flaws, all of which can allow remote code execution, were discovered by researchers at
VUPEN Security discovered four critical vulnerabilities affecting Adobe Shockwave Player, a technology installed on 450 million Internet-enabled desktops, the vulnerability research company said.
These issues, reported to Adobe a few weeks ago, are caused due to memory corruption and invalid pointer and index errors when processing malformed Shockwave content, and could be exploited to remotely compromise a vulnerable system when a user visits a specially crafted web page e.g. using IE or Firefox.
The fifth flaw is a boundary condition issue that could lead to a Denial of Service (DoS) issue with the software.
Adobe has pledged to bring down the amount of time it patches flaws from onths to weeks and the speed ofr delivery of this update suggests that tareget is being met.
The 4MB patch can be found here.
