Comments on: Details of the QuickTime Vulnerability http://www.gnucitizen.org/blog/details-of-the-quicktime-vulnerability/ Information Security Think Tank Tue, 06 Jan 2009 07:59:27 +0000 http://wordpress.org/?v=2.7 hourly 1 By: pdp http://www.gnucitizen.org/blog/details-of-the-quicktime-vulnerability/comment-page-1/#comment-123741 pdp Wed, 17 Sep 2008 09:53:52 +0000 https://www.gnucitizen.org/?p=1209#comment-123741 in my POC, it launches the system calculator and this is enough to make me worried. in my POC, it launches the system calculator and this is enough to make me worried.

]]> By: denka http://www.gnucitizen.org/blog/details-of-the-quicktime-vulnerability/comment-page-1/#comment-123726 denka Mon, 15 Sep 2008 18:23:49 +0000 https://www.gnucitizen.org/?p=1209#comment-123726 Can you be specific to the extent of damage the Java application loaded in this way (from a share) can do? Will it not fail with any attempt to read/write files, or launch other applications? Can you be specific to the extent of damage the Java application loaded in this way (from a share) can do? Will it not fail with any attempt to read/write files, or launch other applications?

]]> By: The QuickTime Vulnerability Overview | GNUCITIZEN http://www.gnucitizen.org/blog/details-of-the-quicktime-vulnerability/comment-page-1/#comment-123651 The QuickTime Vulnerability Overview | GNUCITIZEN Wed, 10 Sep 2008 10:57:39 +0000 https://www.gnucitizen.org/?p=1209#comment-123651 [...] Overview published: September 10th, 2008 The details of the vulnerability were covered in my previous post. In this one I would like to briefly talk about the [...] [...] Overview published: September 10th, 2008 The details of the vulnerability were covered in my previous post. In this one I would like to briefly talk about the [...]

]]> By: djTeller http://www.gnucitizen.org/blog/details-of-the-quicktime-vulnerability/comment-page-1/#comment-123648 djTeller Wed, 10 Sep 2008 08:16:25 +0000 https://www.gnucitizen.org/?p=1209#comment-123648 So Simple but yet so destructive. I guess QT rushed into fixing this bug, so there are probably some more attack vectors with the SMIL format or even the same one with a twist. Great work PDP thanks for the info. So Simple but yet so destructive. I guess QT rushed into fixing this bug, so there are probably some more attack vectors with the SMIL format or even the same one with a twist.

Great work PDP thanks for the info.

]]> By: Adrian 'pagvac' Pastor http://www.gnucitizen.org/blog/details-of-the-quicktime-vulnerability/comment-page-1/#comment-123640 Adrian 'pagvac' Pastor Tue, 09 Sep 2008 22:45:24 +0000 https://www.gnucitizen.org/?p=1209#comment-123640 This is a neat example of a simple bug that can lead to command execution. Simple yet effective. This is a neat example of a simple bug that can lead to command execution. Simple yet effective.

]]>