Most Vulnerable Plugins 2013

Most Vulnerable Plugins for 2013

https://community.qualys.com/blogs/...27/secure-your-browser-before-shopping-online

 

Who here actually uses Adobe Shockwave?

 

Or Quicktime ?

Anyway, no real surprise with the usual culprits

 

Provides an easy to use web interface to CVE vulnerability data.
You can browse for vendors, products and versions and view cve entries, vulnerabilities,
related to them.


http://www.cvedetails.com/

 

Seamonkey calls the plugin Shockwave for several seconds.

On youtube video I normally get a tiny Shockwave question, which changes to adobe's icon resembling "f", I permit and the video plays.
Just reporting as I don't understand any of it really. Opera uses, I think, the same plugin FlashUtil32_11_9_900_170_Plugin.exe using NPSWF32_11_9_900_170.dll.
I haven't updated to v12 yet.

 

Google Chrome also uses Shockwave flash.

Regards, hqsec

 

Seriously guys, I'm not talking about the naming of Adobe Flash. I specifically stated Adobe Shockwave. And yes QuickTime will be almost as rare.

 

Yes, you're right. I have read (and post) too fast.

Regards, hqsec

 

Huh?
Please explain. Clearly.

For years I've seen something called Shockwave and then it changed, I think, to Flash. All the same to me. It plays something that moves.
I think imageshack uses Shockwave, whatever it is or was.
Actually in registry I just checked I have 10 of those shockwave thingies.

QT - some people who don't know about VLC use it to be able to play some of their sound files.

 

No comment, just please use Google and Wikipedia (beforehand preferably).

Neither technology is related in any way other than ownership and terminology.
ImageShack uses or used to use Flash. I'm not signing up to verify, but it like virtually everywhere else never used Shockwave.
Well most of those could be remnants from previous versions.

 

Difference between Adobe Flash Player and Shockwave Player

http://www.technogadge.com/difference-between-adobe-flash-player-shockwave-player/


I don't recall using Shockwave, but Flash Player yes.

 

From http://kb.mozillazine.org/Macromedia_Flash:

 

This article came as a total shocker for me.
Mrk

 

I'm still waiting for HTML5 to be more widely used instead of Adobe Flash or Silverlight.

 

Compu KTed and MrBrian,
Thank you for your kind answer and helpful links. Now I understand that "shockwave" and "adobe" in the plugin name don't mean "Adobe Shockwave".

 

Shockwave is installed, because of the obvious confusion with flash, when people try to update flash to fix problems. QuickTime is common in codec packs, JRE is needed once in a lifetime, but once installed it will not go away. I would bet, the all those exploits are delivered via so common outdated plugins unawarely installed in PC, so the stats fits.

 

That chart shows what percentage of a given plugin has a known critical vulnerability. It doesn't show what's being actively attacked most often. To see what's being attacked recently, see https://www.wilderssecurity.com/showthread.php?t=358666.

 

Good Morning! I'm on one of my most frequently used websites and using Adobe Flash player when I receive the shock wave plug-in not working...and then it proceeds to shut my system down. I tried to check things out at the Adobe site with little luck. I have the latest update for Adobe Flash...so I'm not sure if it's Adobe...Firefox...or Kaspersky. If anyone's familiar with this...I'd appreciate your feedback. Sincerely...Securon

 

I have none of that stuff. No PDF program at all. Use HTML5. No .NET Framework either. I like to keep my attack surface as miniscule as possible. I really have very little need for EMET this way. Yet another thing I like about XP. You can bare bone it to the point you have basically no attack surface to worry about exploits. I'll probably use it on Win7 though to take advantage of system wide ASLR, since .NET FW is forced upon you anyway way as well utilize it for something good. That and it runs much smoother on 7/8. On XP it chews on resources and can't take advantage of ASLR anyway, and I already have system DEP Always On.