=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2010/VULN420
_____________________________________________________________________

DATE                      : 22/10/2010

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Adobe Shockwave Player up to and including 11.5.8.612.

======================================================================
http://www.adobe.com/support/security/advisories/apsa10-04.html
______________________________________________________________________

Security Advisory for Adobe Shockwave Player

Release date: October 21, 2010

Vulnerability identifier: APSA10-04

CVE number: CVE-2010-3653

Platform: Windows and Macintosh


Summary

A critical vulnerability exists in Adobe Shockwave Player 11.5.8.612
and earlier versions on the Windows and Macintosh operating systems.
This vulnerability (CVE-2010-3653) could cause a crash and potentially
allow an attacker to take control of the affected system. While details
about the vulnerability have been disclosed publicly, Adobe is not
aware of any attacks exploiting this vulnerability against
Adobe Shockwave Player to date.

We are currently working on determining the schedule for an update
to address this vulnerability in Adobe Shockwave Player.
Affected software versions

Adobe Shockwave Player 11.5.8.612 and earlier versions for Windows
and Macintosh


Severity rating

Adobe categorizes this as a critical issue.


Details

A critical vulnerability exists in Adobe Shockwave Player 11.5.8.612
and earlier versions on the Windows and Macintosh operating systems.
This vulnerability (CVE-2010-3653) could cause a crash and potentially
allow an attacker to take control of the affected system. While details
about the vulnerability have been disclosed publicly, Adobe is not aware
of any attacks exploiting this vulnerability against
Adobe Shockwave Player to date.

We are currently working on determining the schedule for an update to
address this vulnerability in Adobe Shockwave Player.

Adobe actively shares information about this and other vulnerabilities
with partners in the security community to enable them to quickly develop
detection and quarantine methods to protect users until a patch is
available. As always, Adobe recommends that users follow security best
practices by keeping their anti-malware software and definitions up to date.

Users may monitor the latest information on the Adobe Product
Security Incident Response Team blog at the following URL:
http://blogs.adobe.com/psirt or by subscribing to the RSS feed
here: http://blogs.adobe.com/psirt/atom.xml.


======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================