Backdooring MP3 files (plus QuickTime issues and Cross-context Scripting) Sep 20 2006 09:49PM
pdp (architect) (pdp gnucitizen googlemail com)

MP3 files can be backdoored with malicious content too.

Over the past few days I have been exploring different features of
Apple's QuickTime player - key software component of iTunes and
standard part of many home and business workstations. A lot of
research was conducted and some problems, which IMHO are quite
serious, were found. Please take this post as a security notice.

QuickTime is quite versatile and flexible media platform which has a
lot of functionalities. I quite like it I must say. I even use iTunes
on daily basis. Unfortunately because of its flexibility QuickTime
seams to allow execution of malicious content in a form of JavaScript
from media files such as mp3, mp4, m4a and everything else that is

The article can be found at the link above.

pdp (architect)

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus