Adobe fixes critical vulnerability in Shockwave Player

Adobe Systems has released a patch for its Shockwave Player to fix a critical vulnerability, the company wrote on its security blog on Tuesday.

Adobe didn’t provide many details on the vulnerability but wrote that it is remotely exploitable, meaning a hacker could use it to infect a computer with malicious software over the Internet.

[ Learn how to secure your systems with Roger Grimes’ Security Adviser blog and Security Central newsletter, both from InfoWorld. ]

Shockwave Player is used to display content created by Adobe’s Director program, which offers advanced tools for creating interactive content, including Flash. The Director application can be used for creating 3D models, high-quality images and full-screen or long-form digital content and offers greater control over how those elements are displayed.

The vulnerability affects Shockwave Player version 11.5.0.596 and earlier. Users should uninstall the old version and install version 11.5.0.600, which is available for download.

Shockwave Player is installed on 450 million desktops, according to Adobe.

The company was tipped off to the vulnerability by security vendor TippingPoint Technologies’ Zero Day Initiative, which pays security researchers for vulnerability information that is responsibly disclosed.

n May, Adobe announced it was undertaking a thorough review of legacy code in products such as Acrobat and Reader after hackers have taken advantage of dangerous vulnerabilities. The company also introduced a regular patching routine for Acrobat and Reader, saying it would release patches every three months on the second Tuesday of the month, the same day that Microsoft releases its own fixes.

This article was amended on June 25, 2009.