Security bulletin

Security Advisory for Adobe Shockwave Player

Release date: October 21, 2010

Last updated: October 28, 2010

Vulnerability identifier: APSA10-04

CVE number: CVE-2010-3653

Platform: Windows and Macintosh

Summary

A critical vulnerability exists in Adobe Shockwave Player 11.5.8.612 and earlier versions on the Windows and Macintosh operating systems. This vulnerability (CVE-2010-3653) could cause a crash and potentially allow an attacker to take control of the affected system. As of October 27, Adobe is aware of reports of this vulnerability being exploited in the wild.

A fix is available for Adobe Shockwave Player 11.5.8.612 on the Windows and Macintosh operating systems as of Thursday, October 28, 2010. Please refer to Security Bulletin APSB10-25.

Affected software versions

Adobe Shockwave Player 11.5.8.612 and earlier versions for Windows and Macintosh

Severity rating

Adobe categorizes this as a critical issue.

Details

A fix is available for Adobe Shockwave Player 11.5.8.612 on the Windows and Macintosh operating systems as of Thursday, October 28, 2010. Please refer to Security Bulletin APSB10-25.

Adobe actively shares information about this and other vulnerabilities with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available. As always, Adobe recommends that users follow security best practices by keeping their anti-malware software and definitions up to date.

Users may monitor the latest information on the Adobe Product Security Incident Response Team blog at the following URL: http://blogs.adobe.com/psirt or by subscribing to the RSS feed here: http://blogs.adobe.com/psirt/atom.xml.

Revisions

October 28, 2010 - Updated with information on Security Bulletin APSB10-25.
October 27, 2010 - Updated with schedule information and information on exploits in the wild
October 21, 2010 - Advisory released