Critical Vulnerability in Shockwave Player Fixed

Bug in Shockwave On Thursday, a critical vulnerability was detected in the Shockwave player; fortunately the flaw was patched on Thursday itself by Adobe.

A warning was issued by TippingPoint’s Zero Day Initiative, one of two prominent reward programs that pay researchers for information about software vulnerabilities, that a malicious Web site could hijack a user’s computer if the site persuaded the visitor to install Shockwave, a player used on many sites to display multi-media content.

Shockwave’s ActiveX installer was at fault, said TippingPoint in its advisory.

Adobe, meanwhile, repaired the defective ActiveX installer, and said “since the vulnerability occurs in the installer, no action needs to be taken by current Macromedia Shockwave Player customers.”

To sum it up, Shockwave users can breathe easy.