Adobe Security Bulletin

Security update available for Adobe Shockwave Player | APSB19-20

Bulletin ID	Date Published	Priority
APSB19-20	April 09, 2019	2

Adobe has released a security update for Adobe Shockwave Player for Windows.  This update resolves multiple critical memory corruption vulnerabilities that could lead to arbitrary code execution in the context of the current user. 

Product	Version	Platform
Adobe Shockwave Player	12.3.4.204 and earlier	Windows

Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version by following the instructions below:

Product	Version	Platform	Priority rating	Availability
Adobe Shockwave Player	12.3.5.205	Windows	2	Shockwave Player Download Center

Poznámka:

Beginning with version 12.3.5.205, support for .dir (director movie extension) has been removed from the player.
Shockwave will be retired on April 9, 2019. For more information visit Shockwave End of Life HelpX FAQ

Vulnerability Category	Vulnerability Impact	Severity	CVE Number
Memory Corruption	Arbitrary Code Execution	Critical	CVE-2019-7098
Memory Corruption	Arbitrary Code Execution	Critical	CVE-2019-7099
Memory Corruption	Arbitrary Code Execution	Critical	CVE-2019-7100
Memory Corruption	Arbitrary Code Execution	Critical	CVE-2019-7101
Memory Corruption	Arbitrary Code Execution	Critical	CVE-2019-7102
Memory Corruption	Arbitrary Code Execution	Critical	CVE-2019-7103
Memory Corruption	Arbitrary Code Execution	Critical	CVE-2019-7104

Adobe would like to thank Honggang Ren of Fortinet's FortiGuard Labs for reporting this issue and for working with Adobe to help protect our customers.

April 17, 2019: Link updated for Shockwave Player Download location

Adobe Security Bulletin

Summary

Affected product version

Solution

Vulnerability Details

Acknowledgments

Revisions

Spýtajte sa komunity

Kontaktujte nás