A critical vulnerability in the popular Shockwave Player
The vulnerability allows a remote attacker to compromise an affected system.
Yesterday, October 27, Adobe has released a security bulletin APSB15-26, which was fixed a dangerous vulnerability in the product Shockwave Player. The flaw could allow an attacker to execute arbitrary code on the target system.
Vulnerability CVE-2015-7649, which was fixed in this bulletin, is caused due to an error of memory corruption. A remote user could compromise the system. Despite the fact that the publicly available exploit for this vulnerability does not currently exist, the developer assigned this vulnerability the highest rating of danger.
The flaw affects all users of Shockwave Player versions 12.2.0.162 and lower for Windows and Mac. To resolve this vulnerability, apply the update to version 12.2.0.171.
Links:
http://www.adobe.com/products/shockwaveplayer.html
https://helpx.adobe.com/security/products/shockwave/apsb15-26.html
MALWARELIST.net - Your Information Security Source 