ĭuring the 1990s, Shockwave was a common format for CD-ROM projectors, kiosk presentations, and interactive video games, and dominated in interactive multimedia. Shockwave supports raster graphics, basic vector graphics, 3D graphics, audio, and an embedded scripting language called Lingo.
Adobe then acquired Shockwave with Macromedia in 2005. MacroMind originated the technology Macromedia acquired MacroMind and developed it further, releasing Shockwave Player in 1995. Such content could be viewed in a web browser on any computer with the Shockwave Player plug-in installed. Developers originate content using Adobe Director and publish it on the Internet. Adobe ShockwaveĪdobe Shockwave (formerly Macromedia Shockwave and MacroMind Shockwave) is a discontinued multimedia platform for building interactive multimedia applications and video games. "We are reviewing our security update process in order to mitigate risks in Shockwave Player," Edell said.Not to be confused with. Because of this, it may be easier to exploit a vulnerability when Flash is hosted by Shockwave, for example."Īdobe spokeswoman Heather Edell confirmed that CERT's information is correct, and that the next release of Shockwave Player will include the updated version of Flash Player. In the case of Shockwave, there are some mitigations missing in a number of modules, such as SafeSEH. "One of the things that helps make a vulnerability more difficult is how many of the exploit mitigations a vendor opts in to. "So not only are the vulnerabilities there, but they're easier to exploit as well," Dormann said. That's because Shockwave has several modules that don't opt in to trivial exploit mitigation techniques built into Microsoft Windows, such as SafeSEH. Dormann said he initially alerted the public to this gaping security hole in 2012 via this advisory, but that he first told Adobe about this lacklustre update process back in 2010.Īs if that weren't bad enough, Dormann said it may actually be easier for attackers to exploit Flash vulnerabilities via Shockwave than it is to exploit them directly against the stand-alone Flash plug-in itself.