digg

Join DiggAbout

Donkeys and Elephants and Delegates,oh my!
Check out the most popular Elections 2008 content on Digg.

XSS in Quicktime; Backdooring QuickTime Movies

gnucitizen.org — How to use QuickTime Movie files to trick the user into executing malicious JavaScript code. The technique presented here does not relay on a vulnerability bur rather on an insecure feature present in QuickTime player from version 3, up to the latest version 7.

Bury
show profanity settings
expand all
  • jasonuher, on 10/12/2007, -0/+1Thats frightening.

    Just another argument as to why automatically playing things like flash and quicktime should be disabled by default (as opposed to the '***** annoying' argument)
  • WiseWeasel, on 10/12/2007, -0/+1Yeah, I personally use mplayer OS X to play any untrusted .mov I download. I've personally experienced QuickTime executing random code embedded in .mov files (typically porn movies from p2p that open a bunch of web sites). Apple really needs to fix this problem.

    Dugg
  •  

    Login or register to add a comment

    Create a new account or login to join in the conversation on Digg. You'll also be able to Digg stories to help promote things you like.


© Digg Inc. 2008 — Content posted by Digg users is dedicated to the public domain.
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.