Threat Level: green Handler on Duty: Brad Duncan

SANS ISC InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Adobe Updates today as well.

Published: 2013-12-10
Last Updated: 2013-12-10 21:36:14 UTC
by Rob VandenBrink (Version: 2)
3 comment(s)

Adobe also has published updates today for Flash Player, resolving CVE-2013-5331 and CVE-2013-5332.

This is a remote execution vulnerability, by way of a malicious SWF (Flash) content in an MS Word document.

The versions will vary from platform to platform, but if you are running Flash Player you should update soon (today if possible).

Shockwave Player also sees an update today, addressing CVE-2013-5333 and CVE-2013-5334 on the Windows and Mac platforms.  With this update applied, both platforms should be at version

These exploits also result in remote execution, so if you have Shockwave Player installed today is a good day to update, either right before or right after the Microsoft reboot.

You'd think by now most major products would have an auto update or a "click here to update" feature.   From this note, perhaps you'd think that Adobe might be unique in not having this, but you'd be surprised what other major system components don't update themselves!

Rob VandenBrink

Keywords: adobe flash
3 comment(s)
Diary Archives