Full Disclosure mailing list archives
Backdooring MP3 files (plus QuickTime issues and Cross-context Scripting)
From: "pdp (architect)" <pdp.gnucitizen () googlemail com>
Date: Wed, 20 Sep 2006 22:49:41 +0100
http://www.gnucitizen.org/blog/backdooring-mp3-files MP3 files can be backdoored with malicious content too. Over the past few days I have been exploring different features of Apple's QuickTime player - key software component of iTunes and standard part of many home and business workstations. A lot of research was conducted and some problems, which IMHO are quite serious, were found. Please take this post as a security notice. QuickTime is quite versatile and flexible media platform which has a lot of functionalities. I quite like it I must say. I even use iTunes on daily basis. Unfortunately because of its flexibility QuickTime seams to allow execution of malicious content in a form of JavaScript from media files such as mp3, mp4, m4a and everything else that is supported. The article can be found at the link above. -- pdp (architect) http://www.gnucitizen.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Backdooring MP3 files (plus QuickTime issues and Cross-context Scripting) pdp (architect) (Sep 20)