Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Adobe Shockwave Player Update SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Adobe Shockwave Player Update

Several readers pointed out that Adobe released a security update for the Shockwave Player today which apparently can be exploited by a remote website.  No exploit details made public yet.  It should be pointed out that their upgrade instructions recommend uninstalling the old version, rebooting the machine, and then installing the new version.

www.adobe.com/support/security/bulletins/apsb09-08.html

Handler: Kyle Haugsness

 

Kyle

112 Posts
I think that this is new behaviour... I installed the Adobe update for Firefox and that single install updated both Firefox and Internet Explorer. The single source is "%windir%system32\Adobe\Shockwave 11" and the version reported for BOTH browsers at http://www.adobe.com/shockwave/welcome/ is 11.5r600
Andrew

41 Posts
Let me consult my notes... ah, no, not new behaviour. The last time I updated, the Flash Player had a different installer for IE and "other browsers", but there was only one installer for Shockwave.
Andrew

41 Posts

Sign Up for Free or Log In to start participating in the conversation!