Thursday, October 21, 2010

Critical 0-day vulnerability in Adobe Shockwave for Director -- disable now

There's a zero-day vulnerability with a code sample available. In the past, that has usually led to active exploits within a few days.

The only defense right now is to disable Shockwave:
  • Type about:plugins, hit enter.
  • Find "Shockwave for Director" (no, not Shockwave Flash).
  • If you can't find it, good! Otherwise, click "Disable".
Adobe has released an advisory, but there's no patch to download yet:
http://www.adobe.com/support/security/advisories/apsa10-04.html

In a previous post I was counting over 1 vulnerability per week:
http://secbrowsing.blogspot.com/2010/08/one-security-hole-per-week-for-obscure.html

In an even older post I tried to answer some common questions such as "What is Shockwave for Director?"
http://secbrowsing.blogspot.com/2010/05/how-to-uninstall-shockwave-and-other.html