Thread: Shockwave Vulnerabilities

  1. #1

    Shockwave Vulnerabilities

    Hi all,

    Does anyone know of any security issues with Macromedia Shockwave, both from the perspective of the browser plugin and the contents of the filetype itself? I have a request from our user community to allow access to shockwave multimedia files on the Internet from our corporate desktop system, but I'm nervous about it.

    Thanking you all in advance,

    Alan Mott

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Just like any other piece of software it can contain vulnerabilities.. IIRC there was an issue not too long ago.. So make sure the players you use are the latest ones...
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    unless it's absolutely needed don't allow it. increasing applications increases your chances of getting hit. yeah! there was one a short time ago and it was (is) a beaut:

    Security Bulletin
    APSB06-03 Flash Player Update to Address Security Vulnerabilities

    http://www.macromedia.com/devnet/sec...apsb06-03.html

    Originally posted: March 14, 2006

    CVE Identifier
    CVE-2006-0024

    Summary
    Critical vulnerabilities have been identified in Flash Player that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit these vulnerabilities. Users are recommended to update to the most current version of Flash Player available for their platform.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  4. #4
    Thanks people. The comments posted thus far are things I've already considered. My feeling is that I'll allow the filetypes internally, but block them externally (e.g. block them from the Internet). But is this itself also a vulnerability? Does the browser ActiveX plugin itself have vulnerabilities that can be exploited even if shockwave files themselves are blocked?

    Cheers again,

    alan mott

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Alan,

    Sorry to sound rude and all, but why would they want this?

    "I have a request from our user community to allow access to shockwave multimedia files on the Internet from our corporate desktop system"

    I am afraid that I would need a lot of convincing, and it would have to come from their bosses
