Adobe Shockwave Player 18.104.22.1685 and earlier versions on the Windows and Macintosh operating systems contain critical vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Adobe Macromedia Shockwave Player is software that plays active web content developed in Macromedia and Adobe Director. Shockwave Player is available as an ActiveX control for Internet Explorer and as a plug-in for other web browsers.
Multiple vulnerabilities have been discovered in Shockwave Player and its Xtra components that can be exploited by an attacker to execute arbitrary code on a user's system. More details are available in Adobe Security Bulletin APSB11-01.
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), Microsoft Office document, or any other document that supports embedded Shockwave content, an attacker may be able to execute arbitrary code
Apply an update
Limit access to Director files
These vulnerabilities were reported by Will Dormann of the CERT/CC.
This document was written by Will Dormann.