Adobe Fixes Critical Shockwave Vulnerability
Adobe has issues a security patch for the Adobe Shockwave software program that fixes one vulnerability that has been rated critical by Adobe Software. The vulnerability gives attackers, who can attack systems remotely, control over affected computer systems. The interesting aspect of the issued patch is that Adobe recommends to completely uninstall Adobe Shockwave 11.5.0.596 or earlier on the computer systems before installing the latest version of the software product. The latest version includes a fix so that computers can no longer be attacked with exploits that target this particular vulnerability.
To secure a computer system running Adobe Shockwave a user would therefor have to uninstall Adobe Shockwave, perform a system restart and install the latest version of Shockwave after the reboot.
The Security Bulletin that has been published at the Adobe website gives little information about the vulnerability other than it can be remotely exploited and that it only affects the Microsoft Windows operating system. Users are encouraged to download the latest version of Adobe Shockwave from the program's website.
It should also be noted that this vulnerability targets only Adobe Shockwave and not Adobe Flash. Thanks goes to Dante for sending me the information via email.
Update: The latest version of Adobe Shockwave can be downloaded from the official website. It is always recommended to upgrade Shockwave to the latest version whenever an update is released by Adobe Software.
Maybe you are interested to know the difference between Shockwave Player and Adobe Flash? Shockwave Player includes Adobe Flash, it goes beyond what Flash offers. According to Adobe, the player is used to display destination Web content, interactive multimedia product demos, training, e-merchandising applications ad rich-media multi-user games.
Advertisement
Paulus should write to Adobe and ask them. Because Adobe clearly issued their bulletin here http://www.adobe.com/support/security/bulletins/apsb09-08.html on 6/23/09. As to why Adobe wants people to uninstall first before installing the new version: I would hazard a guess that a normal Shockwave uninstall leaves artifacts behind and one needs to do a “custom” uninstall to remove all.
This is odd as I always thought just like the flash installer, the shockwave one always uninstalled the previous version first before continuing.
Ferry strange indeed this because its (no more than) normal when a manufacturer (in this case Adobe) updates his (Adobe) product the manufacturer wil give it (the software) a new release number.
Again i have to wright that the Adobe Shockwave Player 11.5.0.600 was already released on tuesday one week ago (2009-06-16) and could be that tuesday already be downloaded from the majorgeeks website.
sea for yourself at http://www.majorgeeks.com/oldnews9.html
Yes but the vulnerability was disclosed (or updated) on June, 23
The release date of the update was June 23, 2009
I am somewhat confused this because this is relatively old news from tuesday one week ago (2009-06-16)