Adobe Shockwave Player Vulnerability Remains Unpatched
When the Department of Homeland Security's U.S. Computer Emergency Readiness Team (US-CERT) issues a security bulletin, the vulnerability typically has serious implications. US-CERT, which first informed Adobe about a vulnerability in its Shockwave Player in October 2010, issued a bulletin outlining the consequences of the still-unpatched flaw.
"By convincing a user to view a specially crafted Shockwave content (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user," US-CERT said in the bulletin.
Adobe says it's not aware of any active exploits or attacks stemming from the vulnerability, which it plans to fix in its next major release of Adobe Shockwave Player, due in February.