Adobe promises to fix a serious vulnerability in Shockwave in February

Posted: December 25, 2012 in IT Security News
Tags: , ,

Adobe Logo

Vulnerability in Shockwave

Adobe has promised in February to eliminate dangerous vulnerability in its software Shockwave.

The identified vulnerability allows an attacker to embed multimedia content Shockwave-instructions to download the software to the user’s computer to run them on the victim computer. It is noted that this vulnerability exists in the system has at least two years.

In US CERT, warned about the vulnerability, saying that Shockwave allows attackers without notice to place malicious code on the system and implement it, which gives them almost unlimited power, the attacks. US CERT first notified Adobe about the problem more October 27, 2010, but Adobe claims that the issue will be closed until next update Shockwave, scheduled for February 12.

In Adobe say that today they do not know if there are any active exploits working on this vulnerability, respectively, for the affected users while not dangerous, say in the press service of the company.

In US CERT said that if the content can be played through Shockwave no clear indication that the play should be used for only the last 11 Shockwave, the system can be connected from the ActiveX Shockwave 10 and activate the vulnerability. According to the organization of the application Shockwave, it is used as ActiveX when working with Microsoft Internet Explorer and as a plug-in for other browsers.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s