Slashdot Mirror


WinXP and WinAmp Vulnerable to Malicious MP3s

mypenwry writes "Foundstone, a Mission Viejo, CA security services company, is reporting several vulnerabilities that would allow malicious code embedded in MP3 and WMA files to be executed via WinXP and WinAmp. WinAmp versions 2.81 and 3.0 are vulnerable to buffer overflows via certain long ID3v2 tags when MP3 files are loaded. More troubling is the WinXP vulnerability: a buffer overflow exists in Explorer's automatic reading of MP3 or WMA (Windows Media Audio) file attributes in Windows XP. An attacker could create a malicious MP3 or WMA file that, if placed in an accessed folder on a Windows XP system, would compromise the system and allow for remote code execution. The MP3 does not need to be played; it simply needs to be stored in a folder that is browsed to, such as an MP3 download folder, the desktop, or a NetBIOS share. This vulnerability is also exploitable via Internet Explorer by loading a malicious web site. Explorer automatically reads file attributes regardless of whether or not the user actually highlights, clicks on, reads, or opens the file. Windows XP's Explorer will overflow if corrupted attributes exist within the MP3 or WMA file. Microsoft has issued a fix for this vulnerability. Nullsoft has posted fixed versions of WinAmp 2.81 and 3.0 on their web site."
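
The bug class behind both advisories is a tag reader that trusts the length field inside the file. The following is an added example written for this mirror, not code from Foundstone, Nullsoft or Microsoft, showing how a defensive ID3v2 reader bounds every copy against both the tag and the destination buffer. The function names (`id3v2_extract_title`, `build_test_tag`), the 64-byte title limit and the simplifications (ID3v2.3/2.4 only, no extended header, text treated as single-byte encoding) are assumptions made for the example; the sample tag is constructed in memory, not taken from a real file.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define ID3_HEADER_LEN       10   /* "ID3" + version(2) + flags(1) + syncsafe size(4) */
#define ID3_FRAME_HEADER_LEN 10   /* frame id(4) + size(4) + flags(2), ID3v2.3/2.4 */
#define TITLE_MAX            64   /* assumed destination size for the title string */

enum { ID3_OK = 0, ID3_NO_TAG = 1, ID3_MALFORMED = 2, ID3_TRUNCATED = 3 };

/* Decode the 28-bit "syncsafe" integer used for ID3v2 sizes (bit 7 of every byte must be 0). */
static int syncsafe_to_u32(const uint8_t *p, uint32_t *out) {
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) {
        if (p[i] & 0x80) return -1;            /* high bit set: not syncsafe, reject */
        v = (v << 7) | (p[i] & 0x7F);
    }
    *out = v;
    return 0;
}

/* Copy the text of the TIT2 (title) frame into title, NUL-terminated, never more than
   title_cap-1 bytes. A frame whose declared size does not fit inside the tag is rejected;
   a frame larger than the destination is truncated (and flagged) instead of copied blindly. */
int id3v2_extract_title(const uint8_t *buf, size_t len, char *title, size_t title_cap, int *truncated) {
    *truncated = 0;
    if (title_cap == 0) return ID3_MALFORMED;
    title[0] = '\0';
    if (len < ID3_HEADER_LEN || memcmp(buf, "ID3", 3) != 0) return ID3_NO_TAG;
    uint8_t major = buf[3];
    if (major != 3 && major != 4) return ID3_MALFORMED;   /* v2.2 layout not handled here */
    if (buf[5] & 0x40) return ID3_MALFORMED;                /* extended header: unsupported in this example */
    uint32_t tag_size;
    if (syncsafe_to_u32(buf + 6, &tag_size) != 0) return ID3_MALFORMED;
    size_t tag_end = ID3_HEADER_LEN + (size_t)tag_size;
    if (tag_end > len) return ID3_TRUNCATED;                /* header promises more bytes than we have */

    size_t off = ID3_HEADER_LEN;
    while (off + ID3_FRAME_HEADER_LEN <= tag_end) {
        const uint8_t *fh = buf + off;
        if (fh[0] == 0) break;                              /* zero byte: padding, end of frames */
        uint32_t fsize;
        if (major == 4) {
            if (syncsafe_to_u32(fh + 4, &fsize) != 0) return ID3_MALFORMED;
        } else {
            fsize = ((uint32_t)fh[4] << 24) | ((uint32_t)fh[5] << 16) | ((uint32_t)fh[6] << 8) | fh[7];
        }
        size_t body = off + ID3_FRAME_HEADER_LEN;
        /* The check the vulnerable readers lacked: the frame must lie entirely inside the tag.
           Using fsize as a copy length without this test is the classic overflow pattern. */
        if (fsize > tag_end - body) return ID3_MALFORMED;
        if (memcmp(fh, "TIT2", 4) == 0 && fsize >= 1) {
            const uint8_t *text = buf + body + 1;           /* byte 0 of a text frame is the encoding */
            size_t n = fsize - 1;
            if (n >= title_cap) { n = title_cap - 1; *truncated = 1; }
            memcpy(title, text, n);                         /* bounded by the destination, not the file */
            title[n] = '\0';
            return ID3_OK;
        }
        off = body + fsize;
    }
    return ID3_OK;                                          /* well-formed tag, no title frame */
}

/* Build a minimal ID3v2.3 tag with a single TIT2 frame of text_len bytes of `fill`.
   Constructed test data for this example, not a real MP3. Returns bytes written, 0 on failure. */
size_t build_test_tag(uint8_t *out, size_t cap, size_t text_len, int fill) {
    size_t frame_body = 1 + text_len;                       /* encoding byte + text */
    size_t tag_size = ID3_FRAME_HEADER_LEN + frame_body;
    if (tag_size >= (1u << 28) || ID3_HEADER_LEN + tag_size > cap) return 0;
    memcpy(out, "ID3", 3); out[3] = 3; out[4] = 0; out[5] = 0;
    out[6] = (tag_size >> 21) & 0x7F; out[7] = (tag_size >> 14) & 0x7F;
    out[8] = (tag_size >> 7) & 0x7F;  out[9] = tag_size & 0x7F;
    uint8_t *f = out + ID3_HEADER_LEN;
    memcpy(f, "TIT2", 4);
    f[4] = (frame_body >> 24) & 0xFF; f[5] = (frame_body >> 16) & 0xFF;
    f[6] = (frame_body >> 8) & 0xFF;  f[7] = frame_body & 0xFF;
    f[8] = 0; f[9] = 0;
    f[10] = 0;                                              /* encoding 0 = ISO-8859-1 */
    memset(f + 11, fill, text_len);
    return ID3_HEADER_LEN + tag_size;
}

int main(void) {
    static uint8_t file[4096];
    char title[TITLE_MAX];
    int trunc;
    size_t n = build_test_tag(file, sizeof file, 300, 'A');  /* title longer than the 64-byte buffer */
    int rc = id3v2_extract_title(file, n, title, sizeof title, &trunc);
    printf("long title: rc=%d truncated=%d stored=%zu bytes\n", rc, trunc, strlen(title));
    file[ID3_HEADER_LEN + 4] = 0x7F;                        /* corrupt frame size so it exceeds the tag */
    rc = id3v2_extract_title(file, n, title, sizeof title, &trunc);
    printf("oversized frame: rc=%d (2 = malformed, nothing copied)\n", rc);
    return 0;
}
```

The two failure modes the advisories describe map onto the two checks: a frame size larger than the remaining tag is rejected before any read past the buffer, and a legitimate but over-long title is cut to the destination's capacity instead of overrunning it. A real reader additionally has to handle the v2.2 frame layout, the extended header and multi-byte text encodings; none of that changes the bounding rule.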

4 of 498 comments

  1. The RIAA was right... by Hasie · · Score: 0, Troll

    ...MP3s are harmful to business!

  2. XMMS too. by Anonymous Coward · · Score: 0, Troll

    I just found a buffer with unchecked bounds in XMMS. This ain't no good. I should have a patch posted in a few minutes.

  3. Re:Uh Oh by TheMidget · · Score: 0, Troll

    I hope no one tells the RIAA about this. They will be putting landmines in P2P soon.

    I hope someone does tell them. What better ally than the RIAA to fight that Redmond scum. Let the bad guys turn their guns on each other!

  4. Re:So click the update button by ch-chuck · · Score: 0, Troll

    Yes, but what they DON'T tell you is that it was a clever pre-planned bug intentionally planted so they can automatically update it when they got the payment and go-ahead from the RIAA to install the DRM modules along with it, as publicly stated in the updated license agreement you agreed to when you clicked on the "I Agree" button under the agreement you didn't read that said the agreement may be changed at any time w/o having to notify you, and therefore all perfectly legal.

    --
    try { do() || do_not(); } catch (JediException err) { yoda(err); }