Adobe has released a security update for Adobe Shockwave Player for Windows. This update resolves multiple critical memory corruption vulnerabilities that could lead to arbitrary code execution in the context of the current user.
Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version by following the instructions below:
|Adobe Shockwave Player||220.127.116.11||Windows
||2||Shockwave Player Download Center|
- Beginning with version 18.104.22.168, support for .dir (director movie extension) has been removed from the player.
- Shockwave will be retired on April 9, 2019. For more information visit Shockwave End of Life HelpX FAQ
|Vulnerability Category||Vulnerability Impact||Severity||CVE Number|
|Memory Corruption||Arbitrary Code Execution||Critical||CVE-2019-7098|
|Memory Corruption||Arbitrary Code Execution||Critical||CVE-2019-7099|
|Memory Corruption||Arbitrary Code Execution||Critical||CVE-2019-7100|
|Memory Corruption||Arbitrary Code Execution||Critical||CVE-2019-7101
|Memory Corruption||Arbitrary Code Execution||Critical||CVE-2019-7102|
|Memory Corruption||Arbitrary Code Execution||Critical||CVE-2019-7103|
|Memory Corruption||Arbitrary Code Execution||Critical||CVE-2019-7104|
Adobe would like to thank Honggang Ren of Fortinet's FortiGuard Labs for reporting this issue and for working with Adobe to help protect our customers.