Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Adobe Updates Shockwave Player - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Adobe Updates Shockwave Player

This one fell between the cracks yesterday. Adobe released one bulletin yesterday for patch Tuesday [1]. The update fixes two vulnerabilities in Adobe's Shockwave player.

All versions of Shockwave Player prior to are vulnerable and Adobe assigned this patch a priority rating of 1, indicating that the vulnerability has already been exploited in targeted attacks.



Johannes B. Ullrich, Ph.D.

I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANS London June 2022


4479 Posts
ISC Handler
Sep 9th 2015
Does anything still use Shockwave? I can't remember having it installed on any systems I manage in probably five years. Even then, it was only for a couple "educational game" websites that were used by only a handful of teachers in one school district.

Sign Up for Free or Log In to start participating in the conversation!