Adobe Fixes Critical Shockwave Vulnerability

Martin Brinkmann
Jun 25, 2009
Updated • Nov 22, 2012

Adobe has issues a security patch for the Adobe Shockwave software program that fixes one vulnerability that has been rated critical by Adobe Software. The vulnerability gives attackers, who can attack systems remotely, control over affected computer systems. The interesting aspect of the issued patch is that Adobe recommends to completely uninstall Adobe Shockwave or earlier on the computer systems before installing the latest version of the software product. The latest version includes a fix so that computers can no longer be attacked with exploits that target this particular vulnerability.

To secure a computer system running Adobe Shockwave a user would therefor have to uninstall Adobe Shockwave, perform a system restart and install the latest version of Shockwave after the reboot.

The Security Bulletin that has been published at the Adobe website gives little information about the vulnerability other than it can be remotely exploited and that it only affects the Microsoft Windows operating system. Users are encouraged to download the latest version of Adobe Shockwave from the program's website.

It should also be noted that this vulnerability targets only Adobe Shockwave and not Adobe Flash. Thanks goes to Dante for sending me the information via email.

Update: The latest version of Adobe Shockwave can be downloaded from the official website. It is always recommended to upgrade Shockwave to the latest version whenever an update is released by Adobe Software.

Maybe you are interested to know the difference between Shockwave Player and Adobe Flash? Shockwave Player includes Adobe Flash, it goes beyond what Flash offers. According to Adobe, the player is used to display destination Web content, interactive multimedia product demos, training, e-merchandising applications ad rich-media multi-user games.


Previous Post: «
Next Post: «


  1. DanTe said on June 25, 2009 at 3:48 pm

    Paulus should write to Adobe and ask them. Because Adobe clearly issued their bulletin here on 6/23/09. As to why Adobe wants people to uninstall first before installing the new version: I would hazard a guess that a normal Shockwave uninstall leaves artifacts behind and one needs to do a “custom” uninstall to remove all.

  2. Taomyn said on June 25, 2009 at 11:56 am

    This is odd as I always thought just like the flash installer, the shockwave one always uninstalled the previous version first before continuing.

  3. paulus said on June 25, 2009 at 11:20 am

    Ferry strange indeed this because its (no more than) normal when a manufacturer (in this case Adobe) updates his (Adobe) product the manufacturer wil give it (the software) a new release number.

  4. paulus said on June 25, 2009 at 10:56 am

    Again i have to wright that the Adobe Shockwave Player was already released on tuesday one week ago (2009-06-16) and could be that tuesday already be downloaded from the majorgeeks website.
    sea for yourself at

    1. Martin said on June 25, 2009 at 11:03 am

      Yes but the vulnerability was disclosed (or updated) on June, 23

  5. Martin said on June 25, 2009 at 10:41 am

    The release date of the update was June 23, 2009

  6. paulus said on June 25, 2009 at 10:28 am

    I am somewhat confused this because this is relatively old news from tuesday one week ago (2009-06-16)

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.