Backdooring MP3 files (plus QuickTime issues and Cross-context Scripting)

To: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, security-basics@xxxxxxxxxxxxxxxxx, webappsec@xxxxxxxxxxxxxxxxx, websecurity@xxxxxxxxxxxxx
Subject: Backdooring MP3 files (plus QuickTime issues and Cross-context Scripting)
From: "pdp (architect)" <pdp.gnucitizen@xxxxxxxxxxxxxx>
Date: Wed, 20 Sep 2006 22:49:41 +0100
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=googlemail.com; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=LWfPazygpXMlHlbI8LxBjM2nvxovo7+uoDvjP3/j/EBaIC5SMzeWtafg3M3AIC5z1zwKO90WigxBGQ3eb5Uuv+9wDCwtO1i692soKV+pH3SaXYfsYTE5ZRHWUxTr8N+ta7qLrKiMlnE2Z9vf5uCok298SBKiHLR7cDws/iwvyro=
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

http://www.gnucitizen.org/blog/backdooring-mp3-files

MP3 files can be backdoored with malicious content too.

Over the past few days I have been exploring different features of
Apple's QuickTime player - key software component of iTunes and
standard part of many home and business workstations. A lot of
research was conducted and some problems, which IMHO are quite
serious, were found. Please take this post as a security notice.

QuickTime is quite versatile and flexible media platform which has a
lot of functionalities. I quite like it I must say. I even use iTunes
on daily basis. Unfortunately because of its flexibility QuickTime
seams to allow execution of malicious content in a form of JavaScript
from media files such as mp3, mp4, m4a and everything else that is
supported.

The article can be found at the link above.

--
pdp (architect)
http://www.gnucitizen.org

Prev by Date: Re: vml.c - Internet Explorer VML Buffer Overflow Download Exec Exploit
Next by Date: Re: Apple Remote Desktop root vulneravility
Previous by thread: RSA Keyon Log verification bypass vulnerability
Next by thread: "Buffer overflow" term considered overloaded
Index(es):
- Date
- Thread