Multiple memory corruption vulnerabilities in Adobe Shockwave Player could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.
An unauthenticated, remote attacker could exploit these vulnerabilities by convincing a targeted user to view a website that contains malicious Shockwave content. The processing of the malicious content could trigger memory corruption that the attacker could use to execute arbitrary code on the vulnerable system with the privileges of the user.
Users are advised not to open email messages from suspicious or unrecognized sources. If users cannot verify that links or attachments included in email messages are safe, they are advised not to open them.
Adobe has released a security bulletin at the following link: APSB13-29
Adobe has released updated software at the following link: Adobe Shockwave Player 18.104.22.168 or later