Adobe Shockwave Player may automatically install a legacy version of the runtime, which can increase the attack surface of systems that have Shockwave installed.
Adobe Macromedia Shockwave Player is software that plays active web content developed in Macromedia and Adobe Director. According to the Director 11 and Shockwave 11 Whitepaper:
When the user launches Shockwave content from a browser, the Shockwave 11 ActiveX control is downloaded to the
By convincing a user to view a specially crafted Shockwave content (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user.
We are currently unaware of a practical solution to this problem. Please consider the following workarounds:
This vulnerability was reported by Will Dormann of the CERT/CC
This document was written by Will Dormann.
|Date First Published:||2012-12-17|
|Date Last Updated:||2014-07-24 20:29 UTC|