Bulletin ID
Last updated on
17 May 2021
|
Also applies to Shockwave Player
Security update available for Shockwave Player | APSB17-40
|
|
Date Published |
Priority |
|---|---|---|
|
APSB17-40 |
November 14, 2017 |
2 |
Summary
Adobe has released a security update for Adobe Shockwave Player for Windows. This update resolves a critical memory corruption vulnerability that could lead to code execution.
Affected product version
|
Product |
Version |
Platform |
|
Adobe Shockwave Player |
12.2.9.199 and earlier |
Windows |
Solution
Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version by following the instructions below:
|
Version |
Platform |
Priority rating |
Availability |
|
|
Adobe Shockwave Player |
12.3.1.201 |
Windows |
2 |
Note:
Adobe recommends users of Adobe Shockwave Player 12.2.9.199 and earlier versions for Windows update to Adobe Shockwave Player 12.3.1.201 by visiting the Adobe Shockwave Player Download Center.
Vulnerability Details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVE Number |
|---|---|---|---|
|
Memory Corruption |
Remote Code Execution |
Critical |
CVE-2017-11294 |
Acknowledgments
Adobe would like to thank Honggang Ren of Fortinet's FortiGuard Labs for reporting this issue and for working with Adobe to help protect our customers.
Adobe MAX
The Creativity Conference
Oct 14–16 Miami Beach and online
Adobe MAX
The Creativity Conference
Oct 14–16 Miami Beach and online