US-CERT Current Activity Adobe Releases Shockwave Player Update and Flash Player Security Advisory Original release date: July 29, 2009 at 10:12 am Last revised: July 29, 2009 at 10:12 am Adobe has released Shockware Player 11.5.1.601 because previous versions used a vulnerable version of the Microsoft Active Template Library (ATL). Additionally, Adobe has released a security advisory to address the same issue in Flash Player. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. The security advisory for Flash Player indicates that Adobe will be releasing fixes for this issue on July 30, 2009. In the interim, the advisory suggests that users consider installing the Cumulative Security Update for Internet Explorer as defined in Microsoft Security Bulletin MS09-034 to help mitigate some of the risks until fixes are available. US-CERT encourages users and administrators to review Adobe documents APSB09-11 and APSA09-04 and apply any necessary updates to help mitigate the risks. Additional information can be found in the Adobe PSIRT blog. Relevant Url(s): <http://www.microsoft.com/technet/security/bulletin/ms09-034.mspx> <http://blogs.adobe.com/psirt/2009/07/impact_of_microsoft_atl_vulner.html> <http://www.adobe.com/support/security/advisories/apsa09-04.html> <http://www.adobe.com/support/security/bulletins/apsb09-11.html> ==== This entry is available at http://www.us-cert.gov/current/index.html#adobe_releases_shockware_player_11 Produced 2009 by US-CERT, a government organization. Note: Posted according to copyright permissions of US-CERT (United States Computer Emergency Readiness Team) Purpose of Posting -- To help others keep their genealogy computers healthy.