digip Posted February 23, 2007 Posted February 23, 2007 Anyone using Shockwave 10 for internet explorer should disable it. There is a problem in the lastest version (Shockwave 10.1.4.020 Released 9/28/2006) for Windows Internet Explorer. When exploited it will crash Internet Explorer, or if crafted well enough, do more than a DOS in the browser. A basic exploit for this can be found on the Milw0rm site: http://www.milw0rm.com/exploits/3042 so I am not going to post any exploits, but I am sure anyone wanting to test it will figure it out. I would disable this for everyday use and only turn the settings on when needed for specific sites you want to view that use Shockwave! ----------- (For those of you who are going to ask me how to disable this attack) To disable this, open internet explorer and goto: -Tools -Manage AddOns -Select "Addons that have been used", not the "currently loaded" in internet explorer. Then slide to the right and see if SwDir.dll is enabled. If so, click the item and then select Disable For those of you running anything before 6.0, the only way to block it is either uninstall Shockwave, or use an alternate browser like Opera or Firefox. EDIT: By the way, I am using Oepra, but there are times when Internet Explorer comes in handy. Quote
Oberon Posted February 23, 2007 Posted February 23, 2007 Yet another reason why I'm so happy to be an Opera and FF user. :) Quote
digip Posted February 23, 2007 Author Posted February 23, 2007 Yet another reason why I'm so happy to be an Opera and FF user. :) There are plenty of FF and Opera sploits out there as well. I was just warning people for something most of us use or have installed and take for granted. There are even sploits for Flash out there, so any of you YouTubers and Video enthusiasts would be wise to apply this method to Flash or other plugins as well. A lot of the time Flash related problems are cross platform, and for some OS's they are not as up to date on the releases as they are for Internet Explorer and Windows. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.