Updates Discussion - November 3, 2009

Adobe Shockwave Player Player 11.5.2.602

Please note:  While some add-ons, like Flash and Java, seem to be used just about everywhere on the net --- greatly enhancing the "Internet experience" ---  I have to preface this listing  by admitting I'm not sure which sites/programs actually use Shockwave (which apparently also goes by the name "Director").  

.

Put another way, I'm not sure that we really need to get Shockwave, and so, I'm not advocating that anyone download it now, if you've managed to get along well without it.   However, those who DO have an older version installed on their system should   be sure to obtain the latest update, which presumably offers some security enhancements.

( EDIT:   See below in this thread, for the relevant Secunia advisory for this product.  )

Download/install from: http://www.adobe.com/shockwave/download/

Caveat:  Be sure to UNcheck any offers for non-related programs/toolbars (in my case, it was a Norton system scanner --- but you may be offered something else), unless you intentionally want these "extras" as well!!  

Additionally, be advised that this program will download  gt.com  [the Google Toolbar installer] to your

c:\windows\system32\adobe\shockwave 11

subdirectory, even if you don't install this toolbar.

Java Runtime Environment (JRE) 6 update 17

This release contains fixes for one or more security vulnerabilities.

http://java.com/en/download/manual.jsp

it's probably safest to go for the OFFLINE (15.9 Meg) update

Release Notes:  

http://java.sun.com/javase/6/webnotes/6u17.html

-----------

Please note:  

This update will automatically remove updates of JRE 6 numbered 10 and higher.

But any older versions of Java have to be uninstalled, separately, before or after the newest installation

For more information/details about today's Java update, be advised there is a separate discussion going on here:  http://en.community.dell.com/forums/t/19301721.aspx

Here's some detailed info on the Shockwave update (mentioned above), as copied/pasted from http://secunia.com/advisories/37214/  :

Description:
Some [highly critical] vulnerabilities have been reported in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system.

1) An error related to the use of an invalid index can be exploited to potentially execute arbitrary code via specially crafted Shockwave content.

2) An error related to the use of an invalid pointer can be exploited to potentially execute arbitrary code via specially crafted Shockwave content.

3) Another error related to the use an invalid pointer can be exploited to potentially execute arbitrary code via specially crafted Shockwave content.

4) An error when processing string lengths can be exploited to cause a memory corruption and potentially execute arbitrary code.

NOTE: A boundary error which results in a crash was also reported.

The vulnerabilities are reported in version 11.5.1.601 and prior.

Solution:
Update to version 11.5.2.602:
http://get.adobe.com/shockwave/

Hi, I know that the thread is developing toward Shock Wave Player issues; However since this topic is about updates for Nov. 3, and I had a Windows (Microsoft) Update alert for IE 8 yesterday I felt that this thread is the logical place to ask if any of you have had this update offered:

I have KB974455 installed. I suppose that is the update the bulletin MS09-054 is referring to.

Thank you.

Hernan wrote:

"...since this topic is about updates for Nov. 3, and I had a Windows (Microsoft) Update alert for IE 8 yesterday I felt that this thread is the logical place to ask if any of you have had this update offered".

Absolutely, you're posting in the right place

The intent of the daily-update thread is to call attention to ANY updates released [or "discovered"] that day, to help alert/advise fellow forum members.   Anyone is free to post here, and to pick-and-choose whichever updates they wish to note.   Hopefully, people will [voluntarily] restrict such inclusion to updates they consider important, and/or personally suggest/recommend --- rather than simply including a plethora of updates, as there are other websites/calendars that already do so.

As it happens, the particular Windows update you've just discovered was already mentioned by Bugbatter here:

http://en.community.dell.com/forums/t/19302295.aspx

But given its importance, there's nothing wrong in having it referenced in multiple threads.

PS.  Yes, I (and others) have been offered [and accepted] this particular update.

I do not know was wrong with me this week. I am missing and taking for granted many things. Thanks again ky331.

Again, you're most welcome.