Tech Support banner

Status
Not open for further replies.
1 - 1 of 1 Posts

·
Premium Member
Joined
·
1,611 Posts
Discussion Starter #1
These guys never cease to amuse us :

A newly-discovered flaw in Windows XP puts digital music users at risk, Microsoft Corp. announced Wednesday. A bug in Microsoft’s flagship operating system software allows computer attackers to craft MP3 or WMA music files that give them control of listeners’ computers. Simply browsing to a Web page or folder where such an MP3 file is stored would be enough to invoke the malicious code, and allow an attacker to create, modify, or delete data on the victim’s computer. THE FLAW WAS discovered in a research lab by security firm Foundstone Inc.
CEO George Kurtz said he believes it’s the first such vulnerability impacting sound file formats.
Digital music files come with attached information, or attributes, which describe the name of the song, the sample rate and other basic file information. An attacker can insert malicious code in that data which causes a “buffer overrun,” causing the computer to surrender control to the attack.
Victims need not be induced to play the infected music file to cause an attack. Because of the way Windows file Explorer reads the attribute information, simply hovering over an infected music file’s icon is enough to cause the buffer overrun. Accessing a folder where the file lives would also invoke the malicious program, as would visiting a Web site where the file is stored.
 
1 - 1 of 1 Posts
Status
Not open for further replies.
Top