Adobe Security Bulletin

Security update available for Adobe Shockwave Player | APSB19-20

Bulletin ID

Date Published

Priority

APSB19-20

April 09, 2019

2

Summary

Adobe has released a security update for Adobe Shockwave Player for Windows.  This update resolves multiple critical memory corruption vulnerabilities that could lead to arbitrary code execution in the context of the current user. 

Affected product version

Product

Version

Platform

Adobe Shockwave Player

12.3.4.204 and earlier

Windows

Solution

Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version by following the instructions below:

Product

Version

Platform

Priority rating

Availability

Adobe Shockwave Player

12.3.5.205

Windows

2

Pastaba:
  • Beginning with version 12.3.5.205, support for .dir (director movie extension) has been removed from the player.
  • Shockwave will be retired on April 9, 2019. For more information visit Shockwave End of Life HelpX FAQ

Vulnerability Details

Vulnerability Category

Vulnerability Impact

Severity

CVE Number

Memory Corruption

Arbitrary Code Execution

Critical 

CVE-2019-7098

Memory Corruption

Arbitrary Code Execution

Critical 

CVE-2019-7099

Memory Corruption

Arbitrary Code Execution

Critical 

CVE-2019-7100

Memory Corruption

Arbitrary Code Execution

Critical

CVE-2019-7101

Memory Corruption

Arbitrary Code Execution

Critical 

CVE-2019-7102

Memory Corruption

Arbitrary Code Execution

Critical 

CVE-2019-7103

Memory Corruption

Arbitrary Code Execution

Critical 

CVE-2019-7104

Acknowledgments

Adobe would like to thank Honggang Ren of Fortinet's FortiGuard Labs for reporting this issue and for working with Adobe to help protect our customers.

Revisions

April 17, 2019: Link updated for Shockwave Player Download location

„Adobe“ logotipas

Prisijunkite prie savo paskyros