Adobe Shockwave Player prior to 12.0.7.148 allows malicious users to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5333.
This month Adobe’s realing fixes for both Flash Player and Shockwave. The vulnerabilies for Flash Player affect all platforms and concern two CVEs – CVE-2013-5331 and CVE-2013-5332, which both allow for remote code execution. Eploitation of CVE-2013-5331 using Microsoft Word as a leverage mechanism has been observed in the wild. Though Flash 11.6 introduced Click-to-Play for Office, users may still be socially engineered into running Flash content in Office documents. Make sure to apply this...