Adobe has warned of a critical zero-day vulnerability in its Shockwave Player.
It warned that the vulnerability (CVE-2010-3653) could cause a crash and potentially allow an attacker to take control of the affected system. While details about the vulnerability have been disclosed publicly, Adobe is not aware of any attacks exploiting this vulnerability to date.
Specifically, Shockwave Player 126.96.36.1992 and earlier versions for Windows and Macintosh are affected. Adobe said that it is currently working on determining the schedule for an update to address this vulnerability.