Plugin auto-installation a good thing?
A vulnerability was recently discovered within the Macromedia Shockwave installer that allowed for a malicious site with specific content to deliver arbitrary code for execution as a part of a plug-in ActiveX installation script. The vendor has reportedly fixed this problem with the installer to eliminate this vulnerability. However, to be cautious, if you intend to user Shockwave, it would be advisable to do so directly from the vendors site, rather than allow auto-installation of the plugin to occur from a random site with content requiring the plugin. The original advisory and more details can be found at http://www.zerodayinitiative.com/advisories/ZDI-06-002.html.
Keywords:
0 comment(s)
×
Diary Archives
Comments