Abobe November 2011 Black Tuesday Overview
Adobe has released 1 bulletin today.
This updates Adobe products to the following versions:
- Shockwave Player
- 11.6.3.633
# | Affected | Known Exploits | Adobe rating |
---|---|---|---|
APSB11-27 | Multiple memory corruption vulnerabilities in the shockwave player allow random code execution. | ||
Shockwave player CVE-2011-2446 CVE-2011-2447 CVE-2011-2448 CVE-2011-2449 |
TBD | Critical |
--
Swa Frantzen -- Section 66
Keywords: adobe Patch Tuesday
4 comment(s)
×
Diary Archives
Comments
Both .exe links are up to date and will result in the now-current build.
The .msi link however has not been updated. The result is the same August-16-2011 build that is vulnerable and should now be replaced.
Adobe has pushed the deployment out to their CDN, Akamai.
It's only the link to them that needs updating. If you are registered for the distribution and click on the .msi link you get this (redacted is not the real FQDN)
http://redacted.example.com/get/shockwave/default/english/win95nt/10.1.4.020/sw_lic_full_installer.msi
and if you download an .exe file you will see that the numerical folder name in the middle is different. Until Adobe fixes their link, this will work fine for you:
http://redacted.example.com/get/shockwave/default/english/win95nt/10.2.0.022/sw_lic_full_installer.msi
If you inspect the result with Sigcheck.exe from SysInternals or inspect via right-click, properties, you will see the signature date is in November instead of August.
Sorry for the redaction in the URL, the distribution agreement prohibits publicly posting the actual URL.
NB: if you download the not-yet-updated .msi file and attempt to install it as the update you think it is, your Windows Application Event Log will show a successful installation. However, your version is not updated, and if you track the exit code, it is "1" instead of "0". You've done a re-install or repair, not an upgrade.
Andrew from Vancouver
Nov 9th 2011
1 decade ago
MrSoapsud
Nov 11th 2011
1 decade ago
Tim
Nov 11th 2011
1 decade ago
The version checker at www.adobe.com/shockwave/welcome looks like it's back up and running now, which is good news.
A suggestion to Adobe: Please include a simple listing of the most current version number on the same page that shows the installed version number (like the chart featured on the Flash test page.)
And while I'm writing my wish list to Santa (gotta start early!) how about standardizing the two test page URLs to make it easier to remember?
For example, change "/software/flash/about" and "/flash/welcome" to develop consistency between the products.
Better yet, redirect "/flash/welcome" to the proper test page, so as to maintain compatibility with the current setup and help the caffeine-deprived that can't remember two differently-formatted links (who, ME...?)
:)
Joel
Nov 14th 2011
1 decade ago