Bulletin ID
Last updated on
Jan 24, 2023
|
Also applies to Shockwave Player
Security update available for Adobe Shockwave Player | APSB19-20
|
|
Date Published |
Priority |
|---|---|---|
|
APSB19-20 |
April 09, 2019 |
2 |
Summary
Adobe has released a security update for Adobe Shockwave Player for Windows. This update resolves multiple critical memory corruption vulnerabilities that could lead to arbitrary code execution in the context of the current user.
Affected product version
|
Product |
Version |
Platform |
|
Adobe Shockwave Player |
12.3.4.204 and earlier |
Windows |
Solution
Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version by following the instructions below:
|
Version |
Platform |
Priority rating |
Availability |
|
|
Adobe Shockwave Player |
12.3.5.205 |
Windows |
2 |
Note:
- Beginning with version 12.3.5.205, support for .dir (director movie extension) has been removed from the player.
- Shockwave will be retired on April 9, 2019. For more information visit Shockwave End of Life HelpX FAQ
Vulnerability Details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVE Number |
|---|---|---|---|
|
Memory Corruption |
Arbitrary Code Execution |
Critical |
CVE-2019-7098 |
|
Memory Corruption |
Arbitrary Code Execution |
Critical |
CVE-2019-7099 |
|
Memory Corruption |
Arbitrary Code Execution |
Critical |
CVE-2019-7100 |
|
Memory Corruption |
Arbitrary Code Execution |
Critical |
CVE-2019-7101 |
|
Memory Corruption |
Arbitrary Code Execution |
Critical |
CVE-2019-7102 |
|
Memory Corruption |
Arbitrary Code Execution |
Critical |
CVE-2019-7103 |
|
Memory Corruption |
Arbitrary Code Execution |
Critical |
CVE-2019-7104 |
Acknowledgments
Adobe would like to thank Honggang Ren of Fortinet's FortiGuard Labs for reporting this issue and for working with Adobe to help protect our customers.
Revisions
April 17, 2019: Link updated for Shockwave Player Download location