| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon Mar 27 21:34:00 2006 From: jeff at wildernessfringe.com (Jeff Pflueger) Subject: Example of a Quicktime OverFlow Attack and some questions Hi, I just received 4 .mov files of a recent lecture so that they could be posted on a website. One of these files was posted on a website. When accessed via a browser, the QT movie causes Norton to block the download: "Attempted Intrusion 'Apple QuickTime and ITunes Overflow' against your machine" I am running QT Player 7.0.4 on XP. Information on the attack is here: http://www.symantec.com/avcenter/attack_sigs/s21529.html I'd give you the URL for the .mov file, but I don't want to cause the attack. Safe via bittorrent yes? So - An example of the file available via bittorrent is here: http://chomskytorrents.org/DownloadTorrent.php?TorrentID=1119 My question is: I know who created these .mov files. Does this mean that the files were intentionally crafted by this individual to exploit the QT Overrun Buffer vulnerability? Or is there some other explanation? Anyway to discern the nature of the attack from the QT movie itself (example above)? Thanks for help on this, Jeff -------------- next part -------------- A non-text attachment was scrubbed... Name: jeff.vcf Type: text/x-vcard Size: 284 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060327/fce7af9d/jeff.vcf
Powered by blists - more mailing lists