Adobe has released an update fixing five critical' vulnerabilities in its Shockwave player, said to be on 450 million internet-enabled desktops.
The vulnerabilities could have allowed an attacker who successfully exploited them to run malicious code.
There was an invalid index and an invalid strength length vulnerability, as well as two invalid pointer flaws.
Nicolas Joly of VUPEN security was credited for reporting the four issues and working with Adobe to protect customers.
The update also solves a boundary condition issue that could have lead to Denial of Service (DoS).
Shockwave Player is described as the 'web standard for powerful multimedia playback' by Adobe, and allows users who download it to see interactive web content such as business presentations, advertisements, entertainment and games.
The flaws can be patched by downloading the latest Shockwave update.
