lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <6905b1570709180857q35d77119vbf6c9d432de74376@mail.gmail.com>
Date: Tue, 18 Sep 2007 16:57:43 +0100
From: "pdp (architect)" <pdp.gnucitizen@...glemail.com>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: security notice: Backdooring Windows Media Files

http://www.gnucitizen.org/blog/backdooring-windows-media-files

It is very easy to put some HTML inside files supported by Window
Media Player. The interesting thing is that these HTML pages run in
less restrictive IE environment. I found that a fully patched windows
XP SP2 with IE6 or IE7 and Windows Media Player 9 (default) will open
any page of your choice in IE even if your default browser is Firefox,
Opera or anything else you have in place. It means that even if you
are running Firefox and you think that you are secure, by simply
opening a media file, you expose yourself to all IE vulnerabilities
there might be. Plus, attackers can perform very very interesting
phishing attacks. I prepared a simple POC which spawns a browser
window in full screen mode... Think about how easy it is going to be
to fake the windows logout - login sequence and phish unaware users'
credentials

http://www.gnucitizen.org/projects/backdooring-windows-media-files/poc02.asx

On the other hand Media Player 11 (Vista by default) is not exposed to
these attacks.

-- 
pdp (architect) | petko d. petkov
http://www.gnucitizen.org

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ