Full Disclosure mailing list archives
Example of a Quicktime OverFlow Attack and some questions
From: Jeff Pflueger <jeff () wildernessfringe com>
Date: Mon, 27 Mar 2006 12:33:37 -0800
Hi, I just received 4 .mov files of a recent lecture so that they could be posted on a website. One of these files was posted on a website. When accessed via a browser, the QT movie causes Norton to block the download: "Attempted Intrusion 'Apple QuickTime and ITunes Overflow' against your machine" I am running QT Player 7.0.4 on XP. Information on the attack is here: http://www.symantec.com/avcenter/attack_sigs/s21529.html I'd give you the URL for the .mov file, but I don't want to cause the attack. Safe via bittorrent yes? So - An example of the file available via bittorrent is here: http://chomskytorrents.org/DownloadTorrent.php?TorrentID=1119 My question is: I know who created these .mov files. Does this mean that the files were intentionally crafted by this individual to exploit the QT Overrun Buffer vulnerability? Or is there some other explanation? Anyway to discern the nature of the attack from the QT movie itself (example above)? Thanks for help on this, Jeff
Attachment:
jeff.vcf
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Example of a Quicktime OverFlow Attack and some questions Jeff Pflueger (Mar 27)