[4885] in WWW Security List Archive
Re: Shockwave plug-in security loophole reported
daemon@ATHENA.MIT.EDU (Prentiss Riddle)
Mon Mar 24 14:32:24 1997
From: Prentiss Riddle <riddle@is.rice.edu>
To: bob@lava.net (Robert P Cunningham)
Date: Mon, 24 Mar 1997 10:31:22 -0600 (CST)
Cc: www-security@ns2.rutgers.edu
In-Reply-To: <m0w5JB9-000FUOC@malasada.lava.net> from "Robert P Cunningham" at Mar 13, 97 12:40:00 pm
Errors-To: owner-www-security@ns2.rutgers.edu
> Date: Thu, 13 Mar 97 12:40 WET
> From: bob@lava.net (Robert P Cunningham)
> To: www-security@ns2.rutgers.edu
> Subject: Shockwave plug-in security loophole reported
>
> For those interested in such things, David de Vitry (a developer
> at Poppe Tyson Interactive) has posted a note on his own web site
> about a security loophole with the Shockwave plug-in when used with
> Navigator 3.x (and possibly 2.x...and possibly even some other
> browsers):
>
> http://www.webcomics.com/shockwave/
David has endorsed a security release from Macromedia dated 3/19/97
and available from:
http://www.macromedia.com/shockwave/download
Macromedia's own explanation of the problem and their fix is at:
http://www.macromedia.com/support/director/securitytech.html
Anybody have anything to add?
-- Prentiss Riddle ("aprendiz de todo, maestro de nada") riddle@rice.edu
-- RiceInfo Administrator, Rice University / http://is.rice.edu/~riddle
