Adobe Shockwave Player is prone to a remote code-execution vulnerability because it was compiled against the Microsoft Active Template Library (ATL).
Remote attackers can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely result in a denial-of-service condition.
This issue is caused by the vulnerabilities described in Microsoft security advisory 973882 and is related to the following BIDs:
35828 Microsoft Visual Studio Active Template Library COM Object Remote Code Execution Vulnerability
35830 Microsoft Visual Studio Active Template Library NULL String Information Disclosure Vulnerability
35832 Microsoft Visual Studio ATL ‘VariantClear()’ Remote Code Execution Vulnerability
Published: Jul 28 2009
Updated: Jul 28 2009