Adobe Fixes Critical Shockwave Vulnerability

Adobe has patched a critical security flaw in its Shockwave Player software which could enable an attacker to gain complete control of affected machines. The vulnerability affects version 11.5.0.596 and earlier of Shockwave.

Adobe has released a new version of the software, version 11.5.0.600, and the company recommends that users completely uninstall the existing version of Shockwave on their systems, reboot, and then install the new version.

“A critical vulnerability has been identified in Adobe Shockwave Player 11.5.0.596 and earlier versions. This vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected system. Adobe has provided a solution for the reported vulnerability (CVE-2009-1860). This issue was previously resolved in Shockwave Player 11.0.0.465; the Shockwave Player 11.5.0.600 update resolves a backwards compatibility mode variation of the issue with Shockwave Player 10 content,” the company said in its advisory.