Slashdot Mirror

← Back to Stories (view on slashdot.org)

WinXP and WinAmp Vulnerable to Malicious MP3s

Posted by michael on from the cruddy-music dept.

mypenwry writes "Foundstone, a Mission Viejo, CA security services company, is reporting several vulnerabilities that would allow malicious code embedded in MP3 and WMA files to be executed via WinXP and WinAmp. WinAmp versions 2.81 and 3.0 are vulnerable to buffer overflows via certain long ID3v2 tags when MP3 files are loaded. More troubling is the WinXP vulnerability: A buffer overflow exists in Explorer's automatic reading of MP3 or WMA (Windows Media Audio) file attributes in Windows XP. An attacker could create a malicious MP3 or WMA file, that if placed in an accessed folder on a Windows XP system, would compromise the system and allow for remote code execution. The MP3 does not need to be played, it simply needs to be stored in a folder that is browsed to, such as an MP3 download folder, the desktop, or a NetBIOS share. This vulnerability is also exploitable via Internet Explorer by loading a malicious web site. Explorer automatically reads file attributes regardless of whether or not the user actually highlights, clicks on, reads, or opens the file. Windows XP's Explorer will overflow if corrupted attributes exist within the MP3 or WMA file. Microsoft has issued a fix for this vulnerability. Nullsoft has posted fixed version of WinAmp 2.81 and 3.0 on their web site."

11 of 498 comments (clear)

  1. FP?? by Anonymous Coward · · Score: -1, Offtopic

    Probably not.

  2. FP !!!! by kcar5150 · · Score: -1, Offtopic

    w00t !

    My first FP !!!!

    1. Re:FP !!!! by Anonymous Coward · · Score: -1, Offtopic

      Watch it so you don't cum all over us... :-P

    2. Re:FP !!!! by kcar5150 · · Score: -1, Offtopic

      Or not. Damn.

  3. i got the first post by Anonymous Coward · · Score: -1, Offtopic

    Yo Yo BZATCHES,

    First post mofo

  4. SLASHCODE VULNERABILITY DISCLOSURE by Anonymous Coward · · Score: -1, Offtopic

    Hitting "Reply" causes a Denial of Service in SlashCode!!!

    404 File Not Found
    The requested URL (articles/02/12/19/1329243.shtml?tid=128) was not found.

    If you feel like it, mail the url, and where ya came from to pater@slashdot.org.

    Get your l33t 0-dayz h3r3!!

  5. In other news by Anonymous Coward · · Score: -1, Offtopic

    GNU HURD STILL dosent support ps2 mice, and serial mice support is still alpha!

  6. completely off topic by OpCode42 · · Score: -1, Offtopic

    In websites you!

  7. Hey moderators! by TheMidget · · Score: -1, Offtopic

    I'm a midget, not a troll!

  8. Mr. grammar guy by Anonymous Coward · · Score: -1, Offtopic

    and the proper plural of BEEEEEOTCH is BEEEEOTCHAE !

  9. WinXP and WinAmp Upgrade to Fix Malicious MP3s: by Anonymous Coward · · Score: -1, Offtopic

    Download the unofficial "Service Pack" here!