A security flaw in Adobe Systems’ Macromedia Shockwave Installer could put millions of PC users at risk of code execution attacks, the company warned in an advisory.
\nThe flaw, which carries a “critical” rating, affects Shockwave Player 10.1.0.11 and earlier versions. According to Adobe’s advisory, the vulnerability occurs only during the installation process, and current users do not need to take action.<\/p>\n
“Customers downloading and installing the latest Shockwave Player are also no longer vulnerable with the updated Shockwave Player ActiveX installer,” Adobe officials said.<\/p>\n
The company credited Tipping Point’s Zero Day Initiative with reporting the issue, which is caused due to a boundary error in the Shockwave Installer ActiveX control. It sets up a scenario where a malicious hacker can trigger a stack-based buffer overflow via overly long values passed in two specific parameters to the control.<\/p>\n
Security alerts aggregator Secunia warned that successful exploitation allows arbitrary code execution, but it requires that users are tricked into visiting a malicious Web site that prompts them to install Shockwave Player.<\/p>\n
Users should only install Shockwave Player directly from Adobe’s Web site, Secunia officials said.<\/p>\n
more from [url=http:\/\/www.eweek.com\/article2\/0,1895,1931039,00.asp]e-week[\/url]<\/p>\n","protected":false},"excerpt":{"rendered":"
Flaw in Macromedia Shockwave Installer<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3],"tags":[],"class_list":["post-353","post","type-post","status-publish","format-standard","hentry","category-security"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4bBYZ-5H","_links":{"self":[{"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/posts\/353","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/comments?post=353"}],"version-history":[{"count":0,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/posts\/353\/revisions"}],"wp:attachment":[{"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/media?parent=353"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/categories?post=353"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/tags?post=353"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}