Security Basics mailing list archives
Re: files containing web links
From: "pdp (architect)" <pdp.gnucitizen () googlemail com>
Date: Thu, 23 Nov 2006 22:53:49 +0000
Hi,

it is possible to open links from several types of media formats including images, although this is the first time someone has mentioned it on a security list, I believe. This type of issue was found in PDF, RealMedia, QuickTime, and QuickTime Media Link. It is good to note that QuickTime MediaLink can imitate any other media format as long as the QuickTime player supports the file type and the format itself. The GIF header issue, on the other hand, allows JavaScript code to execute when an affected image is opened in the browser.

I am almost sure that a special type of preview handler is installed inside Windows; you will get these links executed automatically from the desktop. Why? Well, you know how today everything is an object and all parts of the operating system are components. So, instead of reinventing the wheel, developers will use the appropriate video component to grab the first frame only, resize it, and display it to the user as a thumbnail. This is very good, but some formats will execute the link right away, which means that as soon as Explorer displays the image, you get a link as well.

Here are some references to various types of articles on this subject:

http://www.gnucitizen.org/blog/backdooring-mp3-files
http://www.gnucitizen.org/blog/backdooring-quicktime-movies
http://www.gnucitizen.org/blog/backdooring-flash-objects-receipt
http://www.gnucitizen.org/blog/backdooring-flash-objects
http://www.gnucitizen.org/blog/backdooring-web-pages
http://michaeldaw.org/md-hacks/backdooring-pdf-files/
http://www.virusbtn.com/news/virus_news/2006/11_17a.xml

I hope this helps. Can you send us some of the files for analysis?

On 20 Nov 2006 17:26:22 -0000, mr.nasty () ix netcom com <mr.nasty () ix netcom com> wrote:
> I know this is a dumb question and I probably should know the answer or it's something so obvious I just can't see it.
>
> I've seen image files and movie (mpg, etc) files that when opened will open a web browser to a specific web site. Two questions.
>
> 1) when you encounter a file like this how can you tell or how can you remove the link from opening a web browser?
>
> 2) how is this done.
>
> I've tried searching google and security focus but get a lot of php type of results here and html tag explanation from google. I don't think this is a tag so much as it is something in the way the file is saved or configured.
-- pdp (architect) | petko d. petkov http://www.gnucitizen.org
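
Added example, not part of the original message or thread: one way to approach the "how can you tell" question is to identify a file by its bytes rather than its extension and list any embedded URLs or script markers. The function name `triage`, the sample file names and the sample byte strings are constructed for illustration.

```python
import re

# Magic bytes for two of the formats named in the message above.
MAGIC = [(b"GIF87a", "gif"), (b"GIF89a", "gif"), (b"%PDF-", "pdf")]
# QuickTime Media Link files are XML text carrying this processing instruction.
QTL_RE = re.compile(rb"<\?quicktime\s+type=", re.I)
SCRIPT_RE = re.compile(rb"<script|javascript:", re.I)
URL_RE = re.compile(rb"https?://[^\s\"'<>)\x00-\x20\x7f-\xff]+", re.I)
EXPECTED_EXT = {"gif": {"gif"}, "pdf": {"pdf"}, "quicktime-media-link": {"qtl"}}


def triage(name, data):
    """Identify content by its bytes, then list what could launch a browser."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    kind = next((k for magic, k in MAGIC if data.startswith(magic)), None)
    if kind is None and QTL_RE.search(data[:1024]):
        kind = "quicktime-media-link"
    findings = []
    # A media link saved under another media extension is the case the
    # message describes as "imitating" other formats.
    if kind and ext not in EXPECTED_EXT[kind]:
        findings.append("extension-mismatch")
    if SCRIPT_RE.search(data):
        findings.append("script-marker")
    urls = sorted({m.group().decode("ascii") for m in URL_RE.finditer(data)})
    return {"kind": kind or "unknown", "findings": findings, "urls": urls}


# Constructed samples (not taken from any real file).
QTL_AS_MP3 = (
    b'<?xml version="1.0"?>\n'
    b'<?quicktime type="application/x-quicktime-media-link"?>\n'
    b'<embed src="http://media.example/clip.mov" />\n'
)
GIF_HEADER = b"GIF89a\x01\x00\x01\x00\x00\x00\x00"
GIF_WITH_SCRIPT = GIF_HEADER + b"<script>/* constructed marker */</script>;"
CLEAN_GIF = GIF_HEADER + b";"

if __name__ == "__main__":
    samples = [("song.mp3", QTL_AS_MP3), ("photo.gif", GIF_WITH_SCRIPT),
               ("clean.gif", CLEAN_GIF)]
    for sample_name, blob in samples:
        print(sample_name, triage(sample_name, blob))
```

A plain byte scan misses URLs stored inside compressed or encoded streams (for example, compressed PDF objects), so an empty result does not prove a file is free of links.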