Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2010.0231 Security Advisory for Adobe Shockwave Player 22 October 2010 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Adobe Shockwave Player 11.5.8.612 and prior Operating System: Windows Mac OS X Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Resolution: None CVE Names: CVE-2010-3653 Member content until: Sunday, November 21 2010 OVERVIEW Vulnerabilities have been found in Adobe Shockwave Player which could lead to the execution of arbitrary code. [1] IMPACT The vendor has provided the following information regarding this issue: "A critical vulnerability exists in Adobe Shockwave Player 11.5.8.612 and earlier versions on the Windows and Macintosh operating systems. This vulnerability (CVE-2010-3653) could cause a crash and potentially allow an attacker to take control of the affected system. While details about the vulnerability have been disclosed publicly, Adobe is not aware of any attacks exploiting this vulnerability against Adobe Shockwave Player to date." [1] MITIGATION There are currently no patches or mitigations available other than uninstalling or disabling Shockwave Player. REFERENCES [1] Security Advisory for Adobe Shockwave Player http://www.adobe.com/support/security/advisories/apsa10-04.html AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iD8DBQFMwR9p/iFOrG6YcBERAkbIAJ4iF0CH89YwpshoUmxflxMJEMSShQCgkQc8 jHRSlZJaKvOFw2sXG8jZiow= =7pEh -----END PGP SIGNATURE-----