Every second Tuesday of the month, Microsoft rolls out updates for its products as part of the Patch Tuesday program – and so does Adobe, the California-based company that specializes in creating multimedia and creativity software products. While Microsoft plugged security holes in Windows and Office this Patch Tuesday, Adobe addressed security issues in Adobe Shockwave Player and Adobe ColdFusion.
The vulnerabilities that plague Adobe Shockwave Player have been rated as critical; if exploited by a person with malicious intent, they could allow for remote code execution. To stay safe and protected, users of Adobe Shockwave Player 11.5.6.606 and earlier versions need to upgrade to Adobe Shockwave Player 11.5.7.609. This latest version can be downloaded here.
Here are the vulnerabilities that Adobe Shockwave Player 11.5.7.609 fixes, as detailed by Adobe in this security advisory:
CVE-2010-0127 - A boundary error vulnerability that, if exploited, could lead to memory corruption and possible code execution.
CVE-2010-0128 - A signedness error vulnerability that could lead to code execution.
CVE-2010-0129 - Multiple memory corruption vulnerabilities due to integer overflow that could lead to code execution.
CVE-2010-0130 - An integer overflow vulnerability that could lead to code execution.
CVE-2010-0986 - A memory corruption vulnerability that could lead to code execution.
CVE-2010-0987 - A buffer overflow vulnerability that could lead to code execution.
CVE-2010-1280 - Multiple memory corruption vulnerabilities that could lead to code execution.
CVE-2010-1281 - A memory corruption vulnerability that could lead to code execution.
CVE-2010-1282 - An infinite loop vulnerability that could lead to a denial of service.
CVE-2010-1283 - A memory corruption vulnerability that could lead to code execution.
CVE-2010-1284 - Multiple memory corruption vulnerabilities that could lead to code execution.
CVE-2010-1286 - A memory corruption vulnerability that could lead to code execution.
CVE-2010-1287 - A memory corruption vulnerability that could lead to code execution.
CVE-2010-1288 - A buffer overflow vulnerability that could lead to code execution.
CVE-2010-1289 - A memory corruption vulnerability that could lead to code execution.
CVE-2010-1290 - A memory corruption vulnerability that could lead to code execution.
CVE-2010-1291 - A memory corruption vulnerability that could lead to code execution.
CVE-2010-1292 - A memory corruption vulnerability that could lead to code execution.
The vulnerabilities that plague Adobe ColdFusion have been classified as important; if exploited by a person with malicious intent, they could allow for cross-site scripting and information disclosure. These vulnerabilities affect ColdFusion 8.0, 8.0.1, 9.0 and earlier versions for Windows, Macintosh and UNIX. Users should follow the instructions presented here to update their installations.
Here are the vulnerabilities fixed in Adobe ColdFusion, as detailed by Adobe in this security advisory:
CVE-2009-3467 - A vulnerability in a ColdFusion method that could lead to cross-site scripting in ColdFusion applications utilizing this method.
CVE-2010-1293 - A vulnerability in the ColdFusion Administrator page that could lead to cross-site scripting.
CVE-2010-1294 - An information disclosure vulnerability. This vulnerability requires local access.