FYI...
Shockwave Player vuln - update v11.5.0.600 available
- http://www.adobe.com/support/securit...apsb09-08.html
June 23, 2009 - "A critical vulnerability has been identified in Adobe Shockwave Player 11.5.0.596 and earlier versions. This vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected system... To resolve this issue, Shockwave Player users on Windows should -uninstall- Shockwave version 11.5.0.596 and earlier on their systems, restart, and install Shockwave version 11.5.0.600, available here: http://get.adobe.com/shockwave/ . This issue is remotely exploitable..."
- http://voices.washingtonpost.com/sec..._for_adob.html
June 25, 2009 - "...Readers should be aware that by default this patch will also try to install Symantec's Norton Security Scan, a clever marketing tool by Symantec that checks to see if you have malware on your system and then prompts you to buy their software to remove any found items. I find the bundling of a serious security update with this otherwise useless tool annoying, and potentially counter-productive... did they borrow the idea from the people pushing rogue anti-virus products (or was it the other way around?) At any rate, if you don't want this extra software, be sure to deselect that option before proceeding with the update."
http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-1860
http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-2186
- http://secunia.com/advisories/35544/2/
Release Date: 2009-06-24
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Shockwave Player 11.x ...
Solution: Uninstall versions prior to 11.5.0.600, restart the system, and install version 11.5.0.600:
http://get.adobe.com/shockwave/
- http://www.us-cert.gov/current/#adob..._for_shockwave
June 24, 2009