An update to Adobe Shockwave Player has been released to address critical vulnerabilities in version 126.96.36.1999 and earlier version on both Windows and Macintosh systems. If successfully exploited, malicious code could be executed on the system.
Release date: November 8, 2011
Vulnerability identifier: APSB11-27
CVE number: CVE-2011-2446, CVE-2011-2447, CVE-2011-2448, CVE-2011-2449
Platform: Windows and Macintosh
The newest version of Shockwave Player 188.8.131.523 is available here: http://get.adobe.com/shockwave/.
Please remember to uncheck any unwanted 3rd party toolbars/programs during installation. Also please do not confuse this with Adobe Flash Player which is a different program.
For how to disable the auto-update setting in Shockwave Player, see http://kb2.adobe.com/cps/166/tn_16683.html (This must be set every time Shockwave Player is updated if you do not want auto-updating.)