lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030915063506.CF2D0727B@sitemail.everyone.net>
Date: Sun, 14 Sep 2003 23:35:06 -0700 (PDT)
From: Bipin Gautam <door_hUNT3R@...ckcodemail.com>
To: bugtraq@...urityfocus.com
Cc: full-disclosure@...ts.netsys.com
Subject: Windows Movie maker 2 determines a supportive file type JUST by
 judging its extension!





---DESCRIPTION---
Windows Movie Maker 2 only determines whether a file type is supportive by it or not, ONLY by judging its extension. So, suppose if you have to import a VCD movie (*.dat) to your Windows Movie Maker 2 you have to copy the whole file to a read/write drive rename its extension to *.mov (ie: any extension that media player 2 recognizes)
	Amazingly, windows movie maker 1 effectively judges a supportive movie file by its header so it doesn't matter even if you rename a movie file to *.zip, it would effectively look at the header data and allow us to import in WINDOWS MOVIE MAKER 1. But strangely, Windows Movie Maker judges a supportive file type just by judging its extension! This could prove very inconvenient if we have to import a file through network or read-only drives.

---CONCLUSION---
INDEED A POOR PROGRAMMING PRACTICE! (o;

--[Background Information]--
These bug's were originally discovered by hUNT3R, [myself] a member of 01 Security Submission. The vendor was notified via email.
---[about 01 security submission]---
01s.s is a small group having experience as security specialists, programmers and system administrators.
http://www.ysgnet.com/hn

       | .oÛ_Oo.h»UNTER.oO_Ûo. |
      §  !¹007Õ°¿ÑïÞÎß°Õæ9*½¹!  ‡

_____________________________________________________________
Secure mail ---> http://www.blackcode.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ