Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: Adobe Shockwave Player "Shockwave Settings" Use-After-Free Vulnerability SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Adobe Shockwave Player "Shockwave Settings" Use-After-Free Vulnerability

Juha-Matti reports that an odd Shockwave vulnerability has been identified (http://secunia.com/advisories/42112/.) I call it "odd" because it's not the typical "download crafted flash file and it executes code." The victim has to open the Shockwave settings window while having the malicious website open. It's a new hurdle, but I'm not sure that it's insurmountable.

There is currently no CVE or response from Adobe.

Kevin Liston

292 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!