|24 Oct 2010||#1|
| || |
Exploit Code Available for Shockwave Player Zero-Day Flaw
Adobe has confirmed the existence of an unpatched critical remote code execution vulnerability in Shockwave Player, which was publicly disclosed yesterday.
The issue was identified by an outfit called Abyssec Security Research, which notes that it can be exploited by opening a specially crafted DIR or DCR file.
A critical vulnerability exists in Adobe Shockwave Player 184.108.40.2062 and earlier versions on the Windows and Macintosh operating systems.
"This vulnerability (CVE-2010-3653) could cause a crash and potentially allow an attacker to take control of the affected system," Adobe writes in a newly published advisory.
The flaw is exploitable over the Web and can theoretically be used to infect users with malware via drive-by download attacks.
However, given that Adobe Shockwave is not as widespread as Adobe Flash Player, Adobe Reader, Java or other commonly targeted applications, this exploit might not be considered suitable for inclusion in Web attack toolkits.
It might be used for more targeted approaches, but so far Adobe is not aware of any exploitation attempts in the wild.
Exploit Code Available for Shockwave Player Zero-Day Flaw - Softpedia
|My System Specs|
|Similar help and support threads for2: Exploit Code Available for Shockwave Player Zero-Day Flaw|
|Blackhole outfitted with exploit for recently patched Java flaw||Security News|
|Shockwave Player 220.127.116.11||System Security|
|Malicious RTF Files Exploit Office Flaw to Install Trojan||Security News|
|Adobe Shockwave Player Update||Software|
|Shockwave flash player has become un-responsive||Browsers & Mail|
|adobe shockwave player error||Software|
|Security updates available for Shockwave Player||System Security|