OS/Platform/Application:

Adobe Shockwave

Category: ALERT
Severity: HIGH
Attention: Shockwave users, System Administrators, Desktop Support Personnel.

Summary: Internet Security resources are reporting the existence of a vulnerability in Adobe systems' popular Shockwave multimedia player.  Shockwave is commonly used in animated online components such as movies or games.  The most likely mechanism of exploit for this vulnerability is the viewing of a maliciously-crafted website.  At the time of this writing (12:50 PM 9/17/09) no vendor-supplied patch is available to address this vulnerability. 

Shockwave is compatible with Windows and Mac systems - details about the vulnerability are sparse at this time but current information indicates that Windows systems (particularly those using Internet Explorer as a web browser) may be particularly vulnerable.

Recommended Actions: Users are encouraged to read the security advisory (safe link provided below) and to avoid the viewing of untrusted websites and/or shockwave games.  Users should update their antivirus/antispyware software now and update their shockwave players as soon as an update is made available. 

Readers are encouraged to share this alert with family, friends, and associates.

ITS Actions: N/A

Resources:

SecurityFocus Advisory:
http://www.securityfocus.com/bid/36434/discuss