Most Vulnerable Plugins 2013

Discussion in 'other security issues & news' started by KeyPer4Life, Jan 14, 2014.

Thread Status:
Not open for further replies.
  1. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    974
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Who here actually uses Adobe Shockwave?
     
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Or Quicktime ?

    Anyway, no real surprise with the usual culprits :p
     
  4. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    974
    Provides an easy to use web interface to CVE vulnerability data.
    You can browse for vendors, products and versions and view cve entries, vulnerabilities,
    related to them.


    http://www.cvedetails.com/
     
  5. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,272
    Seamonkey calls the plugin Shockwave for several seconds.
    Shockwave.jpg
    On youtube video I normally get a tiny Shockwave question, which changes to adobe's icon resembling "f", I permit and the video plays.
    Just reporting as I don't understand any of it really. Opera uses, I think, the same plugin FlashUtil32_11_9_900_170_Plugin.exe using NPSWF32_11_9_900_170.dll.
    I haven't updated to v12 yet.
     
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,054
    Google Chrome also uses Shockwave flash.

    Regards, hqsec
     
  7. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Seriously guys, I'm not talking about the naming of Adobe Flash. I specifically stated Adobe Shockwave. And yes QuickTime will be almost as rare.
     
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,054
    Yes, you're right. I have read (and post) too fast. :oops:

    Regards, hqsec
     
  9. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,272
    Huh?
    Please explain. Clearly.

    For years I've seen something called Shockwave and then it changed, I think, to Flash. All the same to me. It plays something that moves.
    I think imageshack uses Shockwave, whatever it is or was.
    Actually in registry I just checked I have 10 of those shockwave thingies.

    QT - some people who don't know about VLC use it to be able to play some of their sound files.
     
  10. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    No comment, just please use Google and Wikipedia (beforehand preferably).

    Neither technology is related in any way other than ownership and terminology.
    ImageShack uses or used to use Flash. I'm not signing up to verify, but it like virtually everywhere else never used Shockwave.
    Well most of those could be remnants from previous versions.
     
  11. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    974
  12. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From http://kb.mozillazine.org/Macromedia_Flash:
     
  13. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    This article came as a total shocker for me.
    Mrk
     
  14. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    I'm still waiting for HTML5 to be more widely used instead of Adobe Flash or Silverlight.
     
  15. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,272
    KeyPer4Life and MrBrian,
    Thank you for your kind answer and helpful links. Now I understand that "shockwave" and "adobe" in the plugin name don't mean "Adobe Shockwave".
     
  16. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,508
    Location:
    Slovakia
    Shockwave is installed, because of the obvious confusion with flash, when people try to update flash to fix problems. QuickTime is common in codec packs, JRE is needed once in a lifetime, but once installed it will not go away. I would bet, the all those exploits are delivered via so common outdated plugins unawarely installed in PC, so the stats fits.
     
  17. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  18. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,935
    Location:
    London On
    Good Morning! I'm on one of my most frequently used websites and using Adobe Flash player when I receive the shock wave plug-in not working...and then it proceeds to shut my system down. I tried to check things out at the Adobe site with little luck. I have the latest update for Adobe Flash...so I'm not sure if it's Adobe...Firefox...or Kaspersky. If anyone's familiar with this...I'd appreciate your feedback. Sincerely...Securon
     
  19. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    I have none of that stuff. No PDF program at all. Use HTML5. No .NET Framework either. I like to keep my attack surface as miniscule as possible. I really have very little need for EMET this way. Yet another thing I like about XP. You can bare bone it to the point you have basically no attack surface to worry about exploits. I'll probably use it on Win7 though to take advantage of system wide ASLR, since .NET FW is forced upon you anyway way as well utilize it for something good. That and it runs much smoother on 7/8. On XP it chews on resources and can't take advantage of ASLR anyway, and I already have system DEP Always On.
     
Loading...
Thread Status:
Not open for further replies.