Adobe promises to soon patch 2-year-old Shockwave flaw

Status
Not open for further replies.

Fiery

Level 1
Thread author
Jan 11, 2011
2,007
Adobe plans in February to close a dangerous hole in its Shockwave application that causes the application to be downgraded when a user launches older multimedia content, allowing hackers to target years-old vulnerabilities.


The U.S. Computer Emergency Readiness Team (U.S. CERT) issued an advisory on the vulnerability, which could allow an attacker to deliver malware and execute arbitrary code, considered to be one of the most dangerous kinds of flaws.

U.S. CERT notified Adobe of the problem on October 27, 2010, but an Adobe spokesperson said Wednesday that the problem will be closed with the next major upgrade of Shockwave, scheduled for February 12.

"We are not aware of any active exploits or attacks in the wild using this particular technique," said Wiebke Lips, senior manager with Adobe corporate communications. Adobe did not consider the issue a high risk to users.

Shockwave is used to play content created in Macromedia and Adobe Director, which offers advanced tools for creating interactive content, including Flash.

U.S. CERT cited Adobe documentation that says if a user encounters content that does not specify to use the latest Shockwave version 11, an older ActiveX control is downloaded that pulls components of the older Shockwave 10 player. Shockwave uses an ActiveX control when content is requested within Microsoft's Internet Explorer and is present as a plugin in other browsers, according to U.S. CERT.


Read more: http://www.pcworld.com/article/2023266/adobe-promises-to-soon-patch-2-year-old-shockwave-flaw.html
 

McLovin

Level 76
Verified
Honorary Member
Malware Hunter
Apr 17, 2011
9,222
Wow, I even have Shockwave installed for some reason. It's being uninstalled for now at least.
 

Viking

Level 26
Verified
Honorary Member
Top Poster
Well-known
Oct 2, 2011
1,531
I know Flash is needed for Youtube etc, but do we actually need Shockwave? I have it installed, but not sure if I need it.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top