[Esd-l] Extensions to poison: .wmv and possibly .wma

John Hardin jhardin at impsec.org
Fri Mar 22 21:28:01 PST 2002

On Fri, 2002-03-22 at 10:15, Brett Glass wrote:
> See the description below for details....
> --Brett Glass
> >GreyMagic Security Advisory GM#002-IE
> >By GreyMagic Software, Israel.
> >22 Mar 2002.
> >
> >WMV/WMA generally plays under Windows Media Player and has the ability to
> >include a form of script that lets developers control various aspects of the
> >movie.

wma and wmv have been added to the default MANGLE_EXTENSIONS list in the
development sanitizer. I really ought to do a release this weekend.

> >a, img { display:none; }
> >Hello, Eudora.
> ><DEFANGED_IMG dynsrc="file://C:/Progra~1/Qualcomm/Eudora/Attach/gmlaunch.wmv">

As you can see, this particular variant of exploit wouldn't work if
DEFANG_WEBBUGS is enabled.

Thanks, Brett.

 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                       pgpk -a jhardin at wolfenet.com
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79

More information about the esd-l mailing list