[Owasp-delhi] Security Testing of .wmv files

chintan dave davechintan at gmail.com
Mon Aug 2 08:39:03 EDT 2010


Hi Megha,

I did not understand the intent of this question completely.

To my knowledge WMV files are data files. Why would you like to do a
security assessment of a data file?

The program that executes this data file (also commonly referred to as
"loader") is subject to security assessment.

WMV files are different from Flash content. Flash files (swf format)
contains code as well, that's the reason they are subject to VA.

To give an analogy, If there are multiple pdf files on a site, why would
someone do a security assessment of *.pdf file?

There could be vulnerabilities in Adobe's pdf reader software. Ideally you
should assess the loader and not the data file itself.

I am still clueless as to what could be achieved by fuzzing the wmv file or
loading it in a hex editor.

On Mon, Aug 2, 2010 at 12:50 PM, megha anand <itsmeghaanand at gmail.com>wrote:

> Thanks everyone,
>
> Anyone having idea about .WMV memory corruption. How to check it?
>
> Thanks,
> Megha
>
>
>
>
> On Mon, Aug 2, 2010 at 9:35 AM, Gunwant Singh <gunwant.s at gmail.com> wrote:
>
>> Besides what you have been told, you can use hex editors to open the .wmv
>> files. This may help you in verifying if there is any hardcoded sensitive
>> information lying anywhere in the binary. Be wary of any manipulation that
>> you may cause. "Winhex" is an interesting tool.
>>
>>
>> -Gunwant
>>
>> On Fri, Jul 30, 2010 at 11:57 PM, Praveen Darshanam <
>> praveen_recker at yahoo.com> wrote:
>>
>>>   hi megha,
>>>
>>> do u have idea about WMV file format...if u have good idea of WMV file
>>> headers etc. u can fuzz it.......
>>> there are different file format fuzzing tools!!
>>>
>>> best regards,
>>> praveen darshanam
>>>
>>> --- On *Fri, 7/30/10, megha anand <itsmeghaanand at gmail.com>* wrote:
>>>
>>>
>>> From: megha anand <itsmeghaanand at gmail.com>
>>> Subject: [Owasp-delhi] Security Testing of .wmv files
>>> To: owasp-delhi at lists.owasp.org
>>> Date: Friday, July 30, 2010, 1:41 PM
>>>
>>>
>>> *Hi All,
>>>
>>> Does anyone have an idea about how one should go ahead in testing .wmv files.
>>> Also, let me know about tools, checklist if
>>>  any.
>>>
>>>
>>> Thanks,
>>> Megha
>>> *
>>>
>>>
>>> -----Inline Attachment Follows-----
>>>
>>> _______________________________________________
>>> Owasp-delhi mailing list
>>> Owasp-delhi at lists.owasp.org<http://mc/[email protected]>
>>> https://lists.owasp.org/mailman/listinfo/owasp-delhi
>>>
>>>
>>>
>>> _______________________________________________
>>> Owasp-delhi mailing list
>>> Owasp-delhi at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-delhi
>>>
>>>
>>
>>
>> --
>> Gunwant Singh
>>
>>
>
> _______________________________________________
> Owasp-delhi mailing list
> Owasp-delhi at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-delhi
>
>


-- 
Regards,
Chintan Dave,

LinkedIn: http://in.linkedin.com/in/chintandave
Blog:http://www.chintandave.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-delhi/attachments/20100802/fcd3a4df/attachment-0001.html 


More information about the Owasp-delhi mailing list