Today Adobe released security updates for its Shockwave Player plugin for Macintosh and Windows platforms. This update patches six vulnerabilities that “could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system,” the company said in its security bulletin (APBS12-23). Shockwave Player 11.6.8.638 resolves five buffer overflow vulnerabilities that could lead to code execution: CVE-2012-4172, CVE-2012-4173, CVE-2012-4174, CVE-2012-4175, CVE-2012-5273. Additionally, it resolves an array out of bounds vulnerability, CVE-2012-4176, that could lead to code execution if an attacker successfully exploits the flaw.
Adobe Shockwave Player 11.6.8.638 (11.1 MB) is available here.