Dailydave mailing list archives
RTSP an' Friends
From: Dave Aitel <dave () immunityinc com>
Date: Mon, 26 Nov 2007 19:57:30 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 So I was checking out this link here in Unethical Hacking class today: http://www.symantec.com/enterprise/security_response/weblog/2007/11/0day_exploit_for_apple_quickti.html A few quick notes on this particular bug: 1. RTSP is like HTTP, in that you can specify any port you like. (So outbound 554 is not necessary - 443 will work too, if you like. ) 2. It's not hard to make the exploit work against IE 7, but the user will have to click on the ActiveX (or hit the spacebar) to enable it. The exploit in CANVAS Early Updates does both of these things. - -dave -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHSyUqtehAhL0gheoRAsgYAJ9v490wdssLRn2MedHc4bSKypzL0gCeLH+a Hj/k6gXDOAbnEZapjaNVzHU= =crVA -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- RTSP an' Friends Dave Aitel (Nov 26)
- Re: RTSP an' Friends Steve Shockley (Nov 26)