Shockwave version 11.5.0.600 (Windows) has been released. Adobe has categorised this as a critical update as successful exploitation of the vulnerability allows the attacker to take control of the affected system. This issue is remotely exploitable.
Security Update available for Shockwave Player [1]
Release date: June 23, 2009
Vulnerability identifier: APSB09-08
CVE number: CVE-2009-1860
Platform: WindowsSummary
A critical vulnerability has been identified in Adobe Shockwave Player 11.5.0.596 and earlier versions. This vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected system. Adobe has provided a solution for the reported vulnerability. It is recommended that users update their installations using the instructions provided below. …
No exploit details made public yet. It should be pointed out that their upgrade instructions recommend uninstalling the old version, rebooting the machine, and then installing the new version. [2]
Analysis: Patch now
[1] Security Update available for Shockwave Player APSB09-08 (2009-Jun-23) [Adobe]
[2] Adobe Shockwave Player Update (2009-Jun-24) [SANS]
CRP09-027
