JD on EP: Shockwave installer

February 23, 2006

Shockwave installer

Shockwave installer: There was an inline update to the Shockwave ActiveX installer yesterday, to prevent a rogue site from overfilling the ActiveX read buffers when someone in IE/Win updated Shockwave from a suspect site. All already-installed Players are fine; it was the ActiveX installation process itself which had a potential vulnerability. I haven't heard of similar buffer overflow in the other Adobe ActiveX installers. No action needed on your part, or your clients... I'm blogging this here in case you get questions, or hear the story with other details elsewhere. Thanks to 3Com for the find... if you ever have security concerns about a possible path, then the Security Center is the best path for reporting it, thanks.

Posted by John Dowdell at February 23, 2006 12:09 PM

JD on EP

This is a historical site. New entries are at blogs.adobe.com/jd. Comments are closed on these old entries.

February 23, 2006

Shockwave installer