-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2012-0101 Title: Security update available for Adobe Shockwave Player [1] Version history: 14.08.2012 Initial publication Summary ======= Adobe has released an update for Adobe Shockwave Player 11.6.5.635 and earlier versions on the Windows and Macintosh operating systems. This update addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.5.635 and earlier versions update to Adobe Shockwave Player 11.6.6.636 using the instructions provided in the "Solution" section below. CVE Numbers: CVE-2012-2043 CVE-2012-2044 CVE-2012-2045 CVE-2012-2046 CVE-2012-2047 CVSS v2 Base Score:10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C) [2,3] Adobe recommends users update their product installations to the latest versions. Vulnerable systems ================== Adobe Shockwave Player 11.6.5.635 and earlier versions for Windows and Macintosh What can you do? ================ Fixes are available [1]. What to tell your users? ======================== Normal security best practices apply. Especially, inform your Web users to be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Users are to be aware not to click on the link in suspicious emails to immediately forward the suspicious email to the respective IT security officer / contact in your institution. More information ================ [1] http://www.adobe.com/support/security/bulletins/apsb12-17.html [2] Information about CVSS: http://www.first.org/cvss/cvss-guide.html [3] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2043 Best regards, CERT-EU Pre-configuration Team (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBAgAGBQJQLSDgAAoJEPpzpNLI8SVox0UQAKEx2GnBBGsNogtoTEnMLEJM J9SrL9KIoU1Rk57OIjXCxMs8BO7qJOzzF0ZfiT8k8iRZ05FT2kSVIdU1tpl1SeEx 0P9KIqKbV6f7VE6oPM3XOjMywUZvTbDrBAQjZAIGAhCs+uISUQomwyizpONXYUk7 WY60avjnHykA2TTYL2+J804G6m3Y7wEc6yhsYylEy4rdAm1qT1+zyp22YD66snms 32vMctnkDu/f4SkyAofM5Bo6ReBRRLUVJdOxVtay5nLZedJkTMHR5kut2hrCa4bY YxcERvRBZmHCVQHeK2Zh1D7WmUpJgr92VILTycMqr1sb53pErfhdrLeGGbXM2SB/ shGJYzwsFued1yD1doSbulhltd7/RdHR0dnNB8UUcSzm3I+QZJ+8eBVjc+8CBtD4 +RRf7QS73xlB1W1sKeLTIfeAp8jMcKOVRhve5j1iBePjrgu/8qqObn1QelnhjQ0v QOjgjN/xFeA5D9X+qG+lVShdRvrLpPxXjuKi5eciT5QNelknmccy/lptozRTjiFb 71mP2zaEgc8aOveNLMEalNfOqQyepyEjSJOZi68KjFACHRe/zTxSc4BFHdckCmwm AdRuQ+F6Lzivjh1VG4pGbBMlb8Ohk6H6VZz+/JoUuNleWUs+8Y1Q7JT/PyeYcl7W n6oVtGngX35CjE3a3FQQ =4XA5 -----END PGP SIGNATURE-----