Lucene search

K
thnWang WeiTHN:C7876F48610E23AEA16D6EADC08A9725
HistoryFeb 11, 2014 - 8:38 p.m.

Update Adobe Shockwave Player to fix Critical Remote Code Execution Vulnerabilities

2014-02-1120:38:00
Wang Wei
thehackernews.com
17

0.073 Low

EPSS

Percentile

94.1%

Update Adobe Shockwave Player to fix Critical Remote Code Execution Vulnerabilities

Adobe has released a security update to address critical vulnerabilities for _Adobe Shockwave Player _12.0.7.148 and earlier versions of the Windows and Mac OS X systems.

The Patch fixes two critical remote code execution vulnerabilities, that could potentially allow an attacker to remotely take control of the affected system.

According to the Security Advisory released by Adobe, the vulnerabilities labeled as CVE-2014-0500 and CVE-2014-0501, and very limited information is available at this moment. These vulnerabilities discovered and reported by_ Liangliang Song _of Fortinet’s FortiGuard Labs.

An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.’ advisory explained.

Adobe gave the update its highest ‘Priority Ranking’ of 1, which indicates that a vulnerability is actively being targeted, or has a higher risk of being targeted by exploits in the wild.

The Adobe Shockwave Player version can be verified by visiting ‘this website’, and if it prompts you to download Adobe Shockwave Player, that means you haven’t installed it.

Windows and Mac OS X users are recommended to update their Adobe Shockwave Player 12.0.7.148 and earlier versions update to the newest version Adobe Shockwave Player 12.0.9.149.

0.073 Low

EPSS

Percentile

94.1%

Related for THN:C7876F48610E23AEA16D6EADC08A9725