[SingCERT] Adobe Shockwave Player Update

Published on Wednesday, 04 September 2013 14:13

[ Summary ]

Adobe has released a security update for Adobe Shockwave. This update addresses vulnerabilities that could allow an remote attacker can cause arbitrary code to be executed on the affected system.

A remote user can create specially crafted content that, when loaded by the affected user, will execute arbitrary code on the affected system. The code will run with the privileges of the affected user.

A memory corruption vulnerability that may lead to code execution [CVE-2013-3348].

 

[ Affected Software ]

Adobe Shockwave Player 12.0.2.122 and earlier versions for Windows and Macintosh. 


[ Impact Analysis ]

A remote user can create Shockwave content that, when loaded by the target user, will execute arbitrary code on the target user's system.


[ Workaround/Solution ]

Adobe has released a fix for Adobe Shockwave Player. Users are advised to update their Shockwave Player to avoid being exploited.


[ Reference ]

http://www.adobe.com/support/security/bulletins/apsb13-18.html