US-CERT issues advisories against a trio of Adobe Shockwave vulnerabilities that could allow an attacker to remotely execute code on systems running the vulnerable media player. Adobe says it is not aware of any active exploits and plans to address the issue in its next major Shockwave release in February. Adobe spokesperson Wiebke Lips told Threatpost that the issue was reported to Adobe in 2010 regarding Shockwave Xtras, or extensions, which are stored in the Shockwave movie file; old extensions that are vulnerable to exploit can be installed automatically. The vulnerability is more difficult to contain for users running the Full Shockwave installer.
Source: https://threatpost.com/us-cert-warns-adobe-shockwave-xtras-vulnerabilities-121912/77332/