April 3rd, 2006, 10:24 AM
Does anyone know of any security issues with Macromedia Shockwave, both from the persepective of the browser plugin and the contents of the filetype itself? I have a request from our user community to allow access to shockwave multimedia files on the Internet from our corporate desktop system, but I'm nervous about it.
Thanking you all in advance,
April 3rd, 2006, 11:25 AM
Just like any other piece of software it can contain vulnerabilities.. IIRC there was an issue not to long ago.. So make sure the players you use are the latest ones...
Experience is something you don't get until just after you need it.
April 3rd, 2006, 02:04 PM
unless it's absolutly needed dont allow it. increasing applications increases your chances of getting hit. yeah! there was one a short time ago and it was (is) a beaut:
APSB06-03 Flash Player Update to Address Security Vulnerabilities
Originally posted: March 14, 2006
Critical vulnerabilities have been identified in Flash Player that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit these vulnerabilities. Users are recommended to update to the most current version of Flash Player available for their platform.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
April 3rd, 2006, 04:05 PM
Thanks people. The comments posted thus far are things I've already considered. My feeling is that i'll allow the filetypes internally, but block them them externally (e.g. block them from the Internet). But is this itself also a vulnerability? Does the browser ActiveX plugin itself have vulnerabilities that can be exploited even if shockwave files themselves are blocked?
April 3rd, 2006, 04:25 PM
Sorry to sound rude and all, but why would they want this?
I am afraid that I would need a lot of convincing, and it would have to come from their bosses
I have a request from our user community to allow access to shockwave multimedia files on the Internet from our corporate desktop system