Adobe Security Advisory for Adobe Shockwave Player |Vulnerability identifier: APSA10

Summary:
A critical vulnerability exists in Adobe Shockwave Player 11.5.8.612 and earlier versions on the Windows and Macintosh operating systems. This vulnerability (CVE-2010-3653) could cause a crash and potentially allow an attacker to take control of the affected system. While details about the vulnerability have been disclosed publicly, Adobe is not aware of any attacks exploiting this vulnerability against Adobe Shockwave Player to date.

We are currently working on determining the schedule for an update to address this vulnerability in Adobe Shockwave Player.

Affected software versions:
Adobe Shockwave Player 11.5.8.612and earlier versions for Windows and Macintosh

Details:
A critical vulnerability exists in Adobe Shockwave Player 11.5.8.612 and earlier versions on the Windows and Macintosh operating systems. This vulnerability (CVE-2010-3653) could cause a crash and potentially allow an attacker to take control of the affected system. While details about the vulnerability have been disclosed publicly, Adobe is not aware of any attacks exploiting this vulnerability against Adobe Shockwave Player to date.

We are currently working on determining the schedule for an update to address this vulnerability in Adobe Shockwave Player.

Adobe actively shares information about this and other vulnerabilities with partners in the security community to enable them to quickly develop
detection and quarantine methods to protect users until a patch is available. As always, Adobe recommends that users follow security best practices by keeping their anti-malware software and definitions up to date.

Adobe Advisory APSA10-04

 

I just removed this from my laptop. Removed Java a couple weeks ago. Don't feel I am going to miss either one. These companies are going to lose their entire user base if they don't reinvent these products soon.

 

From what I understand, Adobe plans to roll out some products sandboxed soon, which is a good thing