lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <6905b1570709191128n27322ce6l3b3f38426e0080b0@mail.gmail.com>
Date: Wed, 19 Sep 2007 19:28:12 +0100
From: "pdp (architect)" <pdp.gnucitizen@...glemail.com>
To: "Rahul Mohandas" <rahulmohandas1@...il.com>
Cc: "Memisyazici, Aras" <arasm@...edu>, bugtraq@...urityfocus.com,
	full-disclosure@...ts.grok.org.uk
Subject: Re: security notice: Backdooring Windows Media
	Files

back online... too many visitors lately

On 9/19/07, Rahul Mohandas <rahulmohandas1@...il.com> wrote:
> Could someone send me the POC's please if you have a local copy.
> Gnucitizen.org is not accessible for me.
>
> Thanks
>
>
> ----- Original Message -----
> From: "pdp (architect)" <pdp.gnucitizen@...glemail.com>
> To: "Memisyazici, Aras" <arasm@...edu>
> Cc: <bugtraq@...urityfocus.com>; <full-disclosure@...ts.grok.org.uk>
> Sent: Wednesday, September 19, 2007 12:30 AM
> Subject: Re: security notice: Backdooring Windows Media Files
>
>
> > yes, of course :) but u are running Windows Media Player 11 which is
> > not the default one for Windows XP SP2. Moreover, this Media Player
> > edition is not slipped through any software update either. Therefore,
> > if you are not a Media Player fan, you will never get this version on
> > a fully patched XP SP2 machine. I tend to use iTunes on XP SP2, so yes
> > I am vulnerable.
> >
> > On 9/18/07, Memisyazici, Aras <arasm@...edu> wrote:
> >> Hi pdp!
> >>
> >> Great admirer of your work :) I just wanted to inform you that I have
> >> tested your claim, on a fully patched/updated Win XP SP2 system with an
> >> admin account logged in, and was warned sufficiently(asked whether I
> >> wanted to play asx files, then asked if I was sure by Media Player, then
> >> pop-up was blocked by IE), while the page you tried to produce was
> >> blocked via IE's pop-up blocker.
> >>
> >> You can see/confirm this by viewing these screenshots:
> >>
> >> http://preview.tinyurl.com/34xpcz
> >> (http://i189.photobucket.com/albums/z159/vtknightmare/noworkie1.png )
> >>
> >> and
> >>
> >> http://preview.tinyurl.com/34jx5v
> >> (http://i189.photobucket.com/albums/z159/vtknightmare/noworkie2.png )
> >>
> >> This was tested on a plain/manila/vanilla version of XP SP2. All I did
> >> was update/upgrade to latest available from M$ Update.
> >>
> >> Sincerely,
> >> Aras Memisyazici
> >> IT/Security/Dev. Specialist
> >>
> >> Outreach Information Services
> >> Virginia Tech
> >>
> >> -----Original Message-----
> >> From: pdp (architect) [mailto:pdp.gnucitizen@...glemail.com]
> >> Sent: Tuesday, September 18, 2007 11:58 AM
> >> To: bugtraq@...urityfocus.com; full-disclosure@...ts.grok.org.uk
> >> Subject: security notice: Backdooring Windows Media Files
> >>
> >> http://www.gnucitizen.org/blog/backdooring-windows-media-files
> >>
> >> It is very easy to put some HTML inside files supported by Window
> >> Media Player. The interesting thing is that these HTML pages run in
> >> less restrictive IE environment. I found that a fully patched windows
> >> XP SP2 with IE6 or IE7 and Windows Media Player 9 (default) will open
> >> any page of your choice in IE even if your default browser is Firefox,
> >> Opera or anything else you have in place. It means that even if you
> >> are running Firefox and you think that you are secure, by simply
> >> opening a media file, you expose yourself to all IE vulnerabilities
> >> there might be. Plus, attackers can perform very very interesting
> >> phishing attacks. I prepared a simple POC which spawns a browser
> >> window in full screen mode... Think about how easy it is going to be
> >> to fake the windows logout - login sequence and phish unaware users'
> >> credentials
> >>
> >> http://www.gnucitizen.org/projects/backdooring-windows-media-files/poc02
> >> .asx
> >>
> >> On the other hand Media Player 11 (Vista by default) is not exposed to
> >> these attacks.
> >>
> >> --
> >> pdp (architect) | petko d. petkov
> >> http://www.gnucitizen.org
> >>
> >
> >
> > --
> > pdp (architect) | petko d. petkov
> > http://www.gnucitizen.org
>
>


-- 
pdp (architect) | petko d. petkov
http://www.gnucitizen.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ