Full Disclosure mailing list archives
security notice: Backdooring Windows Media Files
From: "pdp (architect)" <pdp.gnucitizen () googlemail com>
Date: Tue, 18 Sep 2007 16:57:43 +0100
http://www.gnucitizen.org/blog/backdooring-windows-media-files It is very easy to put some HTML inside files supported by Window Media Player. The interesting thing is that these HTML pages run in less restrictive IE environment. I found that a fully patched windows XP SP2 with IE6 or IE7 and Windows Media Player 9 (default) will open any page of your choice in IE even if your default browser is Firefox, Opera or anything else you have in place. It means that even if you are running Firefox and you think that you are secure, by simply opening a media file, you expose yourself to all IE vulnerabilities there might be. Plus, attackers can perform very very interesting phishing attacks. I prepared a simple POC which spawns a browser window in full screen mode... Think about how easy it is going to be to fake the windows logout - login sequence and phish unaware users' credentials http://www.gnucitizen.org/projects/backdooring-windows-media-files/poc02.asx On the other hand Media Player 11 (Vista by default) is not exposed to these attacks. -- pdp (architect) | petko d. petkov http://www.gnucitizen.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- security notice: Backdooring Windows Media Files pdp (architect) (Sep 18)
- Re: security notice: Backdooring Windows Media Files jf (Sep 18)
- Re: security notice: Backdooring Windows Media Files Memisyazici, Aras (Sep 18)
- Re: security notice: Backdooring Windows Media Files pdp (architect) (Sep 18)
- Re: security notice: Backdooring Windows Media Files Memisyazici, Aras (Sep 18)
- Re: security notice: Backdooring Windows Media Files Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Sep 18)
- Re: security notice: Backdooring Windows Media Files Rahul Mohandas (Sep 19)
- Re: security notice: Backdooring Windows Media Files pdp (architect) (Sep 19)
- Re: security notice: Backdooring Windows Media Files pdp (architect) (Sep 18)