Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: Plugin auto-installation a good thing? SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Plugin auto-installation a good thing?
A vulnerability was recently discovered within the Macromedia Shockwave installer that allowed for a malicious site with specific content to deliver arbitrary code for execution as a part of a plug-in ActiveX installation script. The vendor has reportedly fixed this problem with the installer to eliminate this vulnerability. However, to be cautious, if you intend to user Shockwave, it would be advisable to do so directly from the vendors site, rather than allow auto-installation of the plugin to occur from a random site with content requiring the plugin. The original advisory and more details can be found at

22 Posts
Feb 25th 2006

Sign Up for Free or Log In to start participating in the conversation!