Security Corner

May 25 2010   12:14AM GMT

Uninstall Adobe Shockwave

Ken Harthun Ken Harthun Profile: Ken Harthun

Adobe’s Shockwave (this is NOT flash – flash is sometimes labeled “Shockwave Flash”) has a bucket full of vulnerabilities (11 in all). It’s not a widely used platform and I recommend you uninstall it immediately. It will be labeled simply as “Shockwave” or “Shockwave Player” and will have a version number of 11.x.x.xxx. Shockwave Flash is at version 10.x. (See image.) In this @RISK: The Consensus Security Vulnerability Alert Volume: IX, Issue: 20, May 13, 2010 article, SANS outlines the vulnerabilities:

The first issue is caused by a boundary error while processing Shockwave 3D block. The second issue is a memory corruption vulnerability caused by a signedness error while processing malicious Shockwave files. The third issue is a memory corruption vulnerability caused by an array indexing error while processing malicious Shockwave files.

. . .

The eleventh issue is caused by a signedness error while processing Director files. There are some more unspecified errors which can be exploited to cause memory corruption.

Unless you have a specific use for this plugin, just get rid of it. I found I don’t even have it, so it’s not really an issue for website functionality.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: