Message-ID: <20030916061540.76EC43EF8@sitemail.everyone.net>
Date: Mon, 15 Sep 2003 23:15:40 -0700 (PDT)
From: Bipin Gautam <door_hUNT3R@...ckcodemail.com>
To: houdini@....edu
Cc: full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com
Subject: Re: Windows Movie maker 2 determines a
    supportive file type JUST by judging its extension!



programmers at microsoft doing such a blunder CARELESSNESS!!!

<let the world know>

YAP, I feel it's a serious issue in one of its highly highlighted products

this would prove a lot of inconvenience to most users [I DON'T THINK YOU USE MOVIE MAKER]


--- Bill Weiss <houdini@....edu> wrote:
>Bipin Gautam(door_hUNT3R@...ckcodemail.com)@Sun, Sep 14, 2003 at 11:35:06PM -0700:
>> 
>> 
>> 
>> ---DESCRIPTION---
>> Windows Movie Maker 2 only determines whether a file type is supportive by it or not, ONLY by judging its extension. So, suppose if you have to import a VCD movie (*.dat) to your Windows Movie Maker 2 you have to copy the whole file to a read/write drive rename its extension to *.mov (ie: any extension that media player 2 recognizes)
>> 	Amazingly, windows movie maker 1 effectively judges a supportive movie file by its header so it doesn't matter even if you rename a movie file to *.zip, it would effectively look at the header data and allow us to import in WINDOWS MOVIE MAKER 1. But strangely, Windows Movie Maker judges a supportive file type just by judging its extension! This could prove very inconvenient if we have to import a file through network or read-only drives.
>
>Ok, so, what's the security problem in this?  It's a crap program, why do
>we care?
>
>-- 
>Bill Weiss
> 
>In the future we're all going to regret this period in music where
>our tastes were determined by 11 year old girls and wrestling fans.
>        -- Moby

_____________________________________________________________
Secure mail ---> http://www.blackcode.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
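
The header-versus-extension distinction discussed in this thread, shown as an added example that is not part of the original messages: a Python check that identifies a container by its leading bytes and reports whether the file's extension agrees. The function names, the extension table and the sample headers are constructed for illustration.

```python
import os

# (offset, magic bytes, label) for a few well-known container signatures.
SIGNATURES = [
    (0, b"PK\x03\x04", "zip"),
    (0, b"\x00\x00\x01\xba", "mpeg-ps"),
    (0, bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c"), "asf"),
    (4, b"ftyp", "quicktime/mp4"),
    (4, b"moov", "quicktime/mp4"),
]
# RIFF files name their form type at offset 8; CDXA is the framing
# commonly seen on VCD .dat files.
RIFF_FORMS = {b"AVI ": "avi", b"CDXA": "vcd-mpeg", b"WAVE": "wav"}
# Extensions conventionally used per detected type (assumed table).
EXPECTED_EXT = {
    "zip": {".zip"},
    "mpeg-ps": {".mpg", ".mpeg"},
    "asf": {".asf", ".wmv", ".wma"},
    "quicktime/mp4": {".mov", ".mp4"},
    "avi": {".avi"},
    "vcd-mpeg": {".dat"},
    "wav": {".wav"},
}

def sniff(header: bytes) -> str:
    """Classify a file by its first bytes, ignoring its name."""
    if header[:4] == b"RIFF" and len(header) >= 12:
        return RIFF_FORMS.get(header[8:12], "riff-unknown")
    for offset, magic, label in SIGNATURES:
        if header[offset:offset + len(magic)] == magic:
            return label
    return "unknown"

def check(filename: str, header: bytes) -> dict:
    """Report the detected type and whether the extension matches it."""
    ext = os.path.splitext(filename)[1].lower()
    detected = sniff(header)
    consistent = ext in EXPECTED_EXT.get(detected, set())
    return {"file": filename, "ext": ext,
            "detected": detected, "consistent": consistent}

# Constructed sample headers: a VCD track renamed to .mov, an ASF movie
# renamed to .zip, and a correctly named AVI.
SAMPLES = [
    ("movie.mov", b"RIFF\x00\x00\x00\x00CDXAfmt "),
    ("movie.zip", bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")),
    ("clip.avi", b"RIFF\x00\x00\x00\x00AVI LIST"),
]
if __name__ == "__main__":
    for name, head in SAMPLES:
        print(check(name, head))
```

A program that accepts input on `detected` alone behaves like the header-based import described above; one that looks only at `ext` behaves like the extension-based import.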

