Reference: CERT-EU Security Advisory 2012-0063

Title: Multiple vulnerabilities in Adobe Shockwave Player [1]

Version history:
10.05.2012 Initial publication

Summary
=======

Adobe released a security update for Adobe Shockwave Player 11.6.4.634 and earlier versions for Windows and Macintosh. This update addresses memory corruption vulnerabilities that could allow an attacker who successfully exploits them to run malicious code on the affected system, allowing unauthorized disclosure of information, unauthorized modification or disruption of service.

Adobe recommends users of Adobe Shockwave Player 11.6.4.634 and earlier for Windows and Macintosh update to Adobe Shockwave Player 11.6.5.635 using the instructions provided in the "Solution" section below.

Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

CVSS v2 Base Score: 10.0 (CRITICAL) (AV:N/AC:L/Au:C/C:C/I:C/A:C) [7]

Vulnerable systems
==================

Shockwave Player 11.6.4.634 and earlier versions for Windows and Macintosh

What can you do?
================

A fix is available [1].

What to tell your users?
========================

Normal security best practices apply. In particular, inform your Web users to be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Users should not click on links in suspicious emails and should immediately forward the suspicious email to the respective IT security officer / contact in your institution.

More information
================

[1] http://www.adobe.com/support/security/bulletins/apsb12-13.html
[2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2029
[3] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2030
[4] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2031
[5] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2032
[6] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2033
[7] Information about CVSS: http://www.first.org/cvss/cvss-guide.html

Best regards,

CERT-EU

CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383

DISCLAIMER: CERT-EU, the CERT for the EU institutions, is currently in its setup phase, until May 2012. Services are provided in a pilot fashion, and are not yet fully functional. Announcements, alerts and warnings are sent out in a best-effort manner, and to contact information currently known to us. We apologise if you are not the correct recipient, or if you had already been warned about this issue from another source. Format, content and way of alerting are subject to change in the future. Contact information or even the team name may change as well.

Data Protection: CERT-EU complies with EU Regulation 45/2001 with regard to personal data protection.
Our privacy statement is published here http://cert.europa.eu/cert/plainedition/en/cert_privacy.html