-
April 3rd, 2006, 10:24 AM
#1
Member
Shockwave Vulnerabilities
Hi all,
Does anyone know of any security issues with Macromedia Shockwave, both from the persepective of the browser plugin and the contents of the filetype itself? I have a request from our user community to allow access to shockwave multimedia files on the Internet from our corporate desktop system, but I'm nervous about it.
Thanking you all in advance,
Alan Mott
-
April 3rd, 2006, 11:25 AM
#2
Just like any other piece of software it can contain vulnerabilities.. IIRC there was an issue not to long ago.. So make sure the players you use are the latest ones...
Oliver's Law:
Experience is something you don't get until just after you need it.
-
April 3rd, 2006, 02:04 PM
#3
unless it's absolutly needed dont allow it. increasing applications increases your chances of getting hit. yeah! there was one a short time ago and it was (is) a beaut:
Security Bulletin
APSB06-03 Flash Player Update to Address Security Vulnerabilities
Originally posted: March 14, 2006
CVE Identifier
http://www.macromedia.com/devnet/sec...apsb06-03.html
CVE-2006-0024
Summary
Critical vulnerabilities have been identified in Flash Player that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit these vulnerabilities. Users are recommended to update to the most current version of Flash Player available for their platform.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
April 3rd, 2006, 04:05 PM
#4
Member
Thanks people. The comments posted thus far are things I've already considered. My feeling is that i'll allow the filetypes internally, but block them them externally (e.g. block them from the Internet). But is this itself also a vulnerability? Does the browser ActiveX plugin itself have vulnerabilities that can be exploited even if shockwave files themselves are blocked?
Cheers again,
alan mott
-
April 3rd, 2006, 04:25 PM
#5
Alan,
Sorry to sound rude and all, but why would they want this?
I have a request from our user community to allow access to shockwave multimedia files on the Internet from our corporate desktop system
I am afraid that I would need a lot of convincing, and it would have to come from their bosses
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|