Results 1 to 5 of 5
  1. #1
    Join Date
    Sep 2001

    Shockwave Vulnerabilities

    Hi all,

    Does anyone know of any security issues with Macromedia Shockwave, both from the persepective of the browser plugin and the contents of the filetype itself? I have a request from our user community to allow access to shockwave multimedia files on the Internet from our corporate desktop system, but I'm nervous about it.

    Thanking you all in advance,

    Alan Mott

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Rotterdam, Netherlands
    Just like any other piece of software it can contain vulnerabilities.. IIRC there was an issue not to long ago.. So make sure the players you use are the latest ones...
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Senior Member
    Join Date
    Nov 2001
    unless it's absolutly needed dont allow it. increasing applications increases your chances of getting hit. yeah! there was one a short time ago and it was (is) a beaut:

    Security Bulletin
    APSB06-03 Flash Player Update to Address Security Vulnerabilities

    Originally posted: March 14, 2006
    CVE Identifier



    Critical vulnerabilities have been identified in Flash Player that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit these vulnerabilities. Users are recommended to update to the most current version of Flash Player available for their platform.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  4. #4
    Join Date
    Sep 2001
    Thanks people. The comments posted thus far are things I've already considered. My feeling is that i'll allow the filetypes internally, but block them them externally (e.g. block them from the Internet). But is this itself also a vulnerability? Does the browser ActiveX plugin itself have vulnerabilities that can be exploited even if shockwave files themselves are blocked?

    Cheers again,

    alan mott

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    United Kingdom: Bridlington

    Sorry to sound rude and all, but why would they want this?

    I have a request from our user community to allow access to shockwave multimedia files on the Internet from our corporate desktop system
    I am afraid that I would need a lot of convincing, and it would have to come from their bosses

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.