
SANS ISC: Plugin auto-installation a good thing? - SANS Internet Storm Center SANS ISC InfoSec Forums


Plugin auto-installation a good thing?
A vulnerability was recently discovered in the Macromedia Shockwave installer that allowed a malicious site with specific content to deliver arbitrary code for execution as part of a plug-in ActiveX installation script. The vendor has reportedly fixed the installer to eliminate this vulnerability. However, to be cautious, if you intend to use Shockwave, it would be advisable to install it directly from the vendor's site rather than allow auto-installation of the plugin from a random site whose content requires it. The original advisory and more details can be found at http://www.zerodayinitiative.com/advisories/ZDI-06-002.html.
Brian
