digg

Facebook Connect Join Digg About

XSS in Quicktime; Backdooring QuickTime Movies

gnucitizen.org How to use QuickTime Movie files to trick the user into executing malicious JavaScript code. The technique presented here does not relay on a vulnerability bur rather on an insecure feature present in QuickTime player from version 3, up to the latest version 7.

Who dugg this?

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

2 Comments

show profanity settings
expand all
  • WiseWeasel, on 10/12/2007, -0/+1Yeah, I personally use mplayer OS X to play any untrusted .mov I download. I've personally experienced QuickTime executing random code embedded in .mov files (typically porn movies from p2p that open a bunch of web sites). Apple really needs to fix this problem.

    Dugg
  • jasonuher, on 10/12/2007, -0/+1Thats frightening.

    Just another argument as to why automatically playing things like flash and quicktime should be disabled by default (as opposed to the '***** annoying' argument)

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.