Pdp has done it again: He took a low Quicktime vulnerability and turned it into a serious one: Quicktime pwns Firefox.
It seams that QuickTime media formats can hack into Firefox. The result of this vulnerability can lead to full compromise of the browser and maybe even the underlaying operating system. Don’t try this at home.
Before we move on, I have to say a few things. Last year I disclosed two highly critical QuickTime vulnerabilities here and here. The first vulnerability was fixed but the second one was completely ignored. I tried to bring the spot light on the second vulnerability one more time over here, yet nobody listened. So, I decided to post a demonstration of how a Low risk issue can be turned into a very easy to perform HIGH risk attack.
In practice I can do anything with the browser, like installing browser backdoors, and the operating system if the victim is running with administrative privileges. However, just for the sake of this demonstration, I simply open calc.exe. Keep in mind that the exploit is cross-platformed.For the full explanation and live demo: check Quicktime pwns Firefox.
Security4all Blog
Twitter
Slideshare
Facebook
Digg
Flickr
0 comments:
Post a Comment