Accessibility
Adobe
Sign in Privacy My Adobe

Security bulletin

Security Update available for Shockwave Player

Release date: June 23, 2009

Vulnerability identifier: APSB09-08

CVE number: CVE-2009-1860

Platform: Windows

Summary

A critical vulnerability has been identified in Adobe Shockwave Player 11.5.0.596 and earlier versions. This vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected system.  Adobe has provided a solution for the reported vulnerability.  It is recommended that users update their installations using the instructions provided below.

Affected software versions

Shockwave Player 11.5.0.596 and earlier versions

Solution

Adobe recommends Shockwave Player users on Windows uninstall Shockwave version 11.5.0.596 and earlier on their systems, restart, and install Shockwave version 11.5.0.600, available here: http://get.adobe.com/shockwave/.

Severity rating

Adobe categorizes this as a critical update and recommends that users apply the update for their product installations.

Details

A critical vulnerability has been identified in Adobe Shockwave Player 11.5.0.596 and earlier versions. This vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected system.  Adobe has provided a solution for the reported vulnerability (CVE-2009-1860).  This issue was previously resolved in Shockwave Player 11.0.0.465; the Shockwave Player 11.5.0.600 update resolves a backwards compatibility mode variation of the issue with Shockwave Player 10 content.  To resolve this issue, Shockwave Player users on Windows should uninstall Shockwave version 11.5.0.596 and earlier on their systems, restart, and install Shockwave version 11.5.0.600, available here: http://get.adobe.com/shockwave/.  This issue is remotely exploitable.

Acknowledgments

Adobe would like to thank Paul Kurczaba reporting through TippingPoint’s Zero Day Initiative (CVE-2009-1860) for reporting this vulnerability and for working with Adobe to help protect our customers’ security.