Security → Adobe Shockwave Player 11.5.8.612

please note this update has just become available and you will need fire fox at this time to download it
i have no further details to hand as to the change log but no doubt that will be posted shortly by someone

»get.adobe.com/shockwave/

Downloaded with Firefox and installed, but when tested it shows version as 11.5.8.609

Downloaded with IE and no problems.

The file downloaded says 11.5.8.612 just as you have shown, but when tested on the adobe site »www.adobe.com/shockwave/welcome/ it tests as 11.5.8.609

Strange.

Mine seems right when tested.

Thx Nick!

Thanks. Got it installed and working.

I don't have Shockplayer installed in my new desktop, received it in February, and my new laptop. I guess Shockplayer is not used as much because I have yet to received a message form any site that I need it. I do have the latest Flash player installed in all my PC's.

I guess since i'm older I'm not playing as many on-line games anymore. Is this what the Shockplayer is mainly used for???

Merci, Nick

Installing:

quote:

---

Adobe Shockwave Player version 11.5.8.612

---

Google Toolbar Alert

just a note that this is the first time I've seen this with Adobe apps Slim Builds @
»get.adobe.com/shockwave/ ··· ersions/

Reuters: Adobe fixes 20 vulnerabilities in Shockwave Player - Aug 25, 2010

quote:

---

Adobe Systems patched 20 security vulnerabilities in its Shockwave Player on Tuesday. Most of the flaws could allow an attacker to run their own code on an affected computer.

The vulnerabilities are in versions of Shockwave Player up to version 11.5.7.609, on both Apple's Mac OS X and Microsoft Windows.

---

Thank you for posting the security change log

your screen shot is incorrect so best to uninstall and try again

I think your right, as usual, Nick. Thanks

Thanks Nick, got it!

Adobe Security bulletin - Shockwave Player
Release date: August 24, 2010

Vulnerability identifier: APSB10-20
CVE number:CVE-2010-2863, CVE-2010-2864, CVE-2010-2865, CVE-2010-2866,
CVE-2010-2867, CVE-2010-2868, CVE-2010-2869, CVE-2010-2870, CVE-2010-2871, CVE-2010-2872, CVE-2010-2873, CVE-2010-2874, CVE-2010-2875, CVE-2010-2876, CVE-2010-2877, CVE-2010-2878, CVE-2010-2879, CVE-2010-2880, CVE-2010-2881, CVE-2010-2882

Platform: Windows and Macintosh

Summary
Critical vulnerabilities have been identified in Adobe Shockwave Player 11.5.7.609 and earlier versions on the Windows and Macintosh operating systems. The vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.5.7.609 and earlier versions update to Adobe Shockwave Player 11.5.8.612, using the instructions provided below.

Affected software versions
Shockwave Player 11.5.7.609 and earlier versions for Windows and Macintosh

Solution
Adobe recommends users of Adobe Shockwave Player 11.5.7.609 and earlier versions upgrade to the newest version 11.5.8.612, available here: »get.adobe.com/shockwave/.

Severity rating
Adobe categorizes this as a critical update and recommends that users apply the update for their product installations.

Details
Critical vulnerabilities have been identified in Adobe Shockwave Player 11.5.7.609 and earlier versions on the Windows and Macintosh operating systems. The vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.5.7.609 and earlier versions update to Adobe Shockwave Player 11.5.8.612, using the instructions provided above.

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2863).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2864).

This update resolves a denial of service issue (CVE-2010-2865).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2866).

This update resolves a pointer offset vulnerability that could lead to code execution (CVE-2010-2867).

This update resolves multiple denial of service issues; arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-2868).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2869).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2870).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2871).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2872).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2873).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2874).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2875).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2876).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2877).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2878).

This update resolves an integer overflow vulnerability that could lead to code execution (CVE-2010-2879).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2880).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2881).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2882).

»www.adobe.com/support/se ··· -20.html

A mere 20? Most of which are only rated "critical"?
And all from just one browser plugin, which, btw, was updated previously but three months ago?

Coupled with the plethora of always newly discovered exploitables within Flash and Reader, I might add.

Suggestion for a new Adobe/Macromedia marketing campaign:

"Adobe: Where your security is always Job 273."

I got version 11.5.8.609 too. I'll remove it again and redownload it.

Thanks everyone.

Sincerely, Libra

Wow, 20 security vulnerabilities patched in a single update.

I have to ask, why are so many people keeping the Shockwave plugin installed anyway? Adobe Flash is too common to avoid if you really want to view sites the way they are intended, but why Shockwave? I have been installing Shockwave for years yet rarely ever used it - perhaps I watch fewer web animations that some folks. On my newest computer I decided to install Flash Player but not Shockwave and have not missed it one bit, never even notice it missing in fact.

I watch Youtube videos and sometimes visit sites using Flash or Silverlight content but nothing has come up where I need the Shockwave plugin. Actually, the same goes for Java as well. It seems prudent to me that software so targeted for exploits should not be installed unless it does something useful, and I wonder if Shockwave really is useful at all for most people?

You'll still find Shockwave used on many game sites, but even then many of the games are Flash-based anyways.

Shockwave uses a component called 'cold fusion'. 'Cold fusion' is sometimes used as a component of secure log-in for websites.

I utilize a screensaver which was created with Shockwave. No Shockwave installed, no using that screensaver.

Those are two reasons why a person might want to keep Shockwave installed.