Hosting Provided By

0DAY: QuickTime pwns Firefox

From: pdp (architect) <pdp.gnucitizen(at)googlemail.com>
Date: Wed Sep 12 2007 - 08:13:00 EDT

http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox

It seams that QuickTime media formats can hack into Firefox. The result of this vulnerability can lead to full compromise of the browser and maybe even the underlaying operating system. Don't try this at home.

In practice I can do anything with the browser, like installing browser backdoors, and the operating system if the victim is running with administrative privileges. However, just for the sake of this demonstration, I simply open calc.exe. Keep in mind that the exploit is cross-platformed.

Check the link above for demonstration and more information how the exploit works.

-- 
pdp (architect) | petko d. petkov
http://www.gnucitizen.org

Received on Wed Sep 12 12:06:27 2007

This message: [ Message body ]
Next message: Integrigy Alerts: "Oracle Jinitiator 1.1.8 Vulnerabilities CVE-2007-4467 - Additional Information"
Previous message: S21sec Labs: "S21SEC-036-EN Ekiga <= 2.0.5 Denial of service"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Sun Oct 28 2007 - 06:15:20 EDT