Slashdot Mirror


WinXP and WinAmp Vulnerable to Malicious MP3s

mypenwry writes "Foundstone, a Mission Viejo, CA security services company, is reporting several vulnerabilities that would allow malicious code embedded in MP3 and WMA files to be executed via WinXP and WinAmp. WinAmp versions 2.81 and 3.0 are vulnerable to buffer overflows via certain long ID3v2 tags when MP3 files are loaded. More troubling is the WinXP vulnerability: A buffer overflow exists in Explorer's automatic reading of MP3 or WMA (Windows Media Audio) file attributes in Windows XP. An attacker could create a malicious MP3 or WMA file that, if placed in an accessed folder on a Windows XP system, would compromise the system and allow for remote code execution. The MP3 does not need to be played; it simply needs to be stored in a folder that is browsed to, such as an MP3 download folder, the desktop, or a NetBIOS share. This vulnerability is also exploitable via Internet Explorer by loading a malicious web site. Explorer automatically reads file attributes regardless of whether or not the user actually highlights, clicks on, reads, or opens the file. Windows XP's Explorer will overflow if corrupted attributes exist within the MP3 or WMA file. Microsoft has issued a fix for this vulnerability. Nullsoft has posted fixed versions of WinAmp 2.81 and 3.0 on their web site."

9 of 498 comments

  1. IN SOVIET RUSSIA by Anonymous Coward · · Score: -1, Troll

    Malicious mp3s are vulnerable to YOU

  2. In Soviet Russia... by Anonymous Coward · · Score: -1, Troll

    In Soviet Russia, data hacks you.

  3. The RIAA was right... by Hasie · · Score: 0, Troll

    ...MP3s are harmful to business!

  4. XMMS too. by Anonymous Coward · · Score: 0, Troll

    I just found a buffer with unchecked bounds in XMMS. This ain't no good. I should have a patch posted in a few minutes.

  5. Re:Uh Oh by TheMidget · · Score: 0, Troll
    I hope no one tells the RIAA about this. They will be putting landmines in P2P soon.

    I hope someone does tell them. What better ally than the RIAA to fight that Redmond scum. Let the bad guys turn their guns on each other!

  6. Re:So click the update button by ch-chuck · · Score: 0, Troll

    Yes, but what they DON'T tell you is that it was a clever pre-planned bug intentionally planted so they can automatically update it when they got the payment and go-ahead from the RIAA to install the DRM modules along with it, as publicly stated in the updated license agreement you agreed to when you clicked on the "I Agree" button under the agreement you didn't read that said the agreement may be changed at any time w/o having to notify you, and therefore all perfectly legal.

    --
    try { do() || do_not(); } catch (JediException err) { yoda(err); }

  7. Re:Why does this matter to /.-ers? by Anonymous Coward · · Score: -1, Troll

    Agreed, no audiophile would be caught dead using Vorbis. No, not because it's lossy, but because it's low quality. It's generally accepted around the audio community that Vorbis is one of the lowest quality lossy codecs around. Tuning at low bit rates is acceptable, but everything above 128kbps is very poor, even at 500kbps, where Vorbis is still not transparent.

  8. IN SOVIET RUSSIA.... by Anonymous Coward · · Score: -1, Troll

    ...we do not use vulnerable US made software.

  9. Re:Hey moderators! by Anonymous Coward · · Score: -1, Troll
    You violated the golden rule: never criticize or "correct" a moderator...

    To read more about these official moderation criticism rules, click here, especially if you're a moderator.

    Thanks, and have a nice day.