Full Disclosure mailing list archives
0DAY: QuickTime pwns Firefox
From: "pdp (architect)" <pdp.gnucitizen () googlemail com>
Date: Wed, 12 Sep 2007 13:13:00 +0100
http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox It seams that QuickTime media formats can hack into Firefox. The result of this vulnerability can lead to full compromise of the browser and maybe even the underlaying operating system. Don't try this at home. In practice I can do anything with the browser, like installing browser backdoors, and the operating system if the victim is running with administrative privileges. However, just for the sake of this demonstration, I simply open calc.exe. Keep in mind that the exploit is cross-platformed. Check the link above for demonstration and more information how the exploit works. -- pdp (architect) | petko d. petkov http://www.gnucitizen.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- 0DAY: QuickTime pwns Firefox pdp (architect) (Sep 12)