Wednesday, November 03, 2010 10:58 AM
cmosby
Adobe Shockwave Player "Shockwave Settings" Use-After-Free Vulnerability – SANS Internet Storm Center
Adobe Shockwave Player "Shockwave Settings" Use-After-Free Vulnerability
Share |
Published: 2010-11-03,
Last Updated: 2010-11-03 15:12:16 UTC
by Kevin Liston (Version: 1)
0 comment(s)
Juha-Matti reports that an odd Shockwave vulnerability has been identified (http://secunia.com/advisories/42112/.) I call it "odd" because it's not the typical "download crafted flash file and it executes code." The victim has to open the Shockwave settings window while having the malicious website open. It's a new hurdle, but I'm not sure that it's insurmountable.
There is currently no CVE or response from Adobe.
Filed under: Internet Applications, Security, Enterprise Applications, Software Vulnerabilites, Adobe