MyCERT Advisories

MyCERT Advisories, Alerts and Summaries for the year 2012

MA-311.052012 : MyCERT Alert - Multiple Critical Vulnerabilities in Adobe Shockwave Player

Date of publication: 2012-05-10

1.0 Introduction

Multiple critical vulnerabilities (CVE-2012-2029, CVE-2012-2030, CVE-2012-2031, CVE-2012-2032, CVE-2012-2033) have been identified in Adobe Shockwave Player and earlier versions for Windows and Macintosh. [1]

These vulnerabilities allow a remote attacker to execute arbitrary code on a vulnerable version of Adobe Shockwave Player. User interaction is required where a user must visit a malicious web site, which is embedded with a specially crafted SWF file. These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system.

2.0 The list of the critical vulnerabilities are as below:

By exploiting these vulnerabilities, an attacker could execute arbitrary code on vulnerable installations of Adobe Shockwave Player and gain the same privilege as the user. These vulnerabilities could be exploited to install malware on the user's computer.

3.0 Affected Products

  • Shockwave Player and earlier versions for Windows and Macintosh

4.0 Recommendations

MyCERT recommends users of Adobe Shockwave Player to upgrade to the latest version by downloading it from the following URL:

MyCERT generally advise users to keep themselves updated with the latest security announcements by the vendor. In case the public receives any suspicious URL or file, and requires our further analysis, please reach us through the following channels:

E-mail :
Phone : 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT to 15888
Business Hours : Mon - Fri 08:30 -17:30 MYT

5.0 References

i -