Adobe Shockwave Player Multiple Vulnerabilities

 Affected: Adobe Shockwave Player versions 11.x

Description: Adobe Shockwave Player, with over 450 million users, is a multimedia player that allows Adobe Director applications to be published and viewed by a browser that is installed with a Shockwave plug-in.

 Multiple vulnerabilities have been reported in Adobe Shockwave Player, which be triggered by a specially crafted Shockwave content.  There is a error in the way the invalid index is used.  There are also a couple of issues caused by the inappropriate use of the invalid pointer.  And the last issue is a memory corruption error when processing string lengths.

 In all the cases successful exploitation might allow an attacker to execute arbitrary code in the context of the logged on user.

There is not enough public information about these vulnerabilities.

Status: Vendor confirmed, updates available.

References:

 Adobe Security Bulletin (APSB09-16)  http://www.adobe.com/support/security/bulletins/apsb09-16.html

Wikipedia Article on Adobe Shockwave  http://en.wikipedia.org/wiki/

Adobe_Shockwave Product Home Page  http://www.adobe.com/products/shockwaveplayer/

 SecurityFocus BID http://www.securityfocus.com/bid/36905

Adobe recommends Shockwave Player users install Shockwave Player version 11.5.2.602 available here: http://get.adobe.com/shockwave/
Remember: You need to install shockwave in Every Browser you use separately, if you wish to use it in your browser