[<prev] [next>] [day] [month] [year] [list]
Message-ID: <6905b1570709120513x2163f12drb43e9febdc213e2e@mail.gmail.com>
Date: Wed, 12 Sep 2007 13:13:00 +0100
From: "pdp (architect)" <pdp.gnucitizen@...glemail.com>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: 0DAY: QuickTime pwns Firefox
http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox
It seams that QuickTime media formats can hack into Firefox. The
result of this vulnerability can lead to full compromise of the
browser and maybe even the underlaying operating system. Don't try
this at home.
In practice I can do anything with the browser, like installing
browser backdoors, and the operating system if the victim is running
with administrative privileges. However, just for the sake of this
demonstration, I simply open calc.exe. Keep in mind that the exploit
is cross-platformed.
Check the link above for demonstration and more information how the
exploit works.
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists