Release date: October 21, 2010
Last updated: October 28, 2010
Vulnerability identifier: APSA10-04
CVE number: CVE-2010-3653
Platform: Windows and Macintosh
A critical vulnerability exists in Adobe Shockwave Player 11.5.8.612 and earlier versions on the Windows and Macintosh operating systems. This vulnerability (CVE-2010-3653) could cause a crash and potentially allow an attacker to take control of the affected system. As of October 27, Adobe is aware of reports of this vulnerability being exploited in the wild.
A fix is available for Adobe Shockwave Player 11.5.8.612 on the Windows and Macintosh operating systems as of Thursday, October 28, 2010. Please refer to Security Bulletin APSB10-25.
Adobe Shockwave Player 11.5.8.612 and earlier versions for Windows and Macintosh
Adobe categorizes this as a critical issue.
A critical vulnerability exists in Adobe Shockwave Player 11.5.8.612 and earlier versions on the Windows and Macintosh operating systems. This vulnerability (CVE-2010-3653) could cause a crash and potentially allow an attacker to take control of the affected system. As of October 27, Adobe is aware of reports of this vulnerability being exploited in the wild.
A fix is available for Adobe Shockwave Player 11.5.8.612 on the Windows and Macintosh operating systems as of Thursday, October 28, 2010. Please refer to Security Bulletin APSB10-25.
Adobe actively shares information about this and other vulnerabilities with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available. As always, Adobe recommends that users follow security best practices by keeping their anti-malware software and definitions up to date.
Users may monitor the latest information on the Adobe Product Security Incident Response Team blog at the following URL: http://blogs.adobe.com/psirt or by subscribing to the RSS feed here: http://blogs.adobe.com/psirt/atom.xml.
October 28, 2010 - Updated with information on Security Bulletin APSB10-25.
October 27, 2010 - Updated with schedule information and information on exploits in the wild
October 21, 2010 - Advisory released