Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Full Disclosure: Backdooring MP3 files (plus QuickTime issues and Cross-context Scripting)

Backdooring MP3 files (plus QuickTime issues and Cross-context Scripting)

From: pdp (architect) <pdp.gnucitizen_at_googlemail.com>
Date: Wed, 20 Sep 2006 22:49:41 +0100

http://www.gnucitizen.org/blog/backdooring-mp3-files

MP3 files can be backdoored with malicious content too.

Over the past few days I have been exploring different features of
Apple's QuickTime player - key software component of iTunes and
standard part of many home and business workstations. A lot of
research was conducted and some problems, which IMHO are quite
serious, were found. Please take this post as a security notice.

QuickTime is quite versatile and flexible media platform which has a
lot of functionalities. I quite like it I must say. I even use iTunes
on daily basis. Unfortunately because of its flexibility QuickTime
seams to allow execution of malicious content in a form of JavaScript
from media files such as mp3, mp4, m4a and everything else that is
supported.

The article can be found at the link above. 

-- 
pdp (architect)
http://www.gnucitizen.org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Sep 20 2006
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]