| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <6905b1570609201449v29065a4cl5ae812540680655b@mail.gmail.com> Date: Wed, 20 Sep 2006 22:49:41 +0100 From: "pdp (architect)" <pdp.gnucitizen@...glemail.com> To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com, security-basics@...urityfocus.com, webappsec@...urityfocus.com, websecurity@...appsec.org Subject: Backdooring MP3 files (plus QuickTime issues and Cross-context Scripting) http://www.gnucitizen.org/blog/backdooring-mp3-files MP3 files can be backdoored with malicious content too. Over the past few days I have been exploring different features of Apple's QuickTime player - key software component of iTunes and standard part of many home and business workstations. A lot of research was conducted and some problems, which IMHO are quite serious, were found. Please take this post as a security notice. QuickTime is quite versatile and flexible media platform which has a lot of functionalities. I quite like it I must say. I even use iTunes on daily basis. Unfortunately because of its flexibility QuickTime seams to allow execution of malicious content in a form of JavaScript from media files such as mp3, mp4, m4a and everything else that is supported. The article can be found at the link above. -- pdp (architect) http://www.gnucitizen.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists