MA-246.082010 : MyCERT Alert - Multiple Critical Vulnerabilities in Adobe Shockwave Player
Date of publication: 2010-08-25
Multiple critical vulnerabilities (CVE-2010-2863, CVE-2010-2864, CVE-2010-2865, CVE-2010-2866, CVE-2010-2867, CVE-2010-2868, CVE-2010-2869, CVE-2010-2870, CVE-2010-2871, CVE-2010-2872, CVE-2010-2873, CVE-2010-2874, CVE-2010-2875, CVE-2010-2876, CVE-2010-2877, CVE-2010-2878, CVE-2010-2879, CVE-2010-2880, CVE-2010-2881 and CVE-2010-2882) have been identified in the Adobe Shockwave Player 220.127.116.119 for Windows and Macintosh operating systems.
These vulnerabilities allow a remote attacker to execute arbitrary code on a vulnerable version of Adobe Shockwave Player. User interaction is required where a user must visit a malicious web site, which is embedded with a specially crafted SWF file. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system.
By exploiting this vulnerability, an attacker could execute arbitrary code on vulnerable installations of Adobe Shockwave and gain the same privilege as the user. This vulnerability could be exploited to install malware on the user's computer.
3.0 Affected Products
Products listed below are vulnerable to this vulnerability:
- Adobe Shockwave Player 18.104.22.1689 and earlier versions
MyCERT recommends users of Adobe Shockwave Player 22.214.171.1249 and earlier versions to upgrade to the newest version 126.96.36.1992 by downloading it from the following URL: http://get.adobe.com/shockwave/
MyCERT generally advise users of this product to keep themselves updated with the latest security announcements by the vendor. In case the public receives any suspicious URL or SWF and requires our further analysis, please reach us through the following channels:
E-mail : firstname.lastname@example.org
Phone : 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT <EMAIL><COMPLAINT> to 15888
Business Hours : Mon - Fri 08:30 -17:30 MYT