[CIMC-working] audio security MS flaw
donald goldhamer
Don.Goldhamer at pobox.com
Thu, 26 Dec 102 14:07:12 CST
Audio Files Figure In Latest Microsoft Vulnerability
The flaws would enable MP3 or Windows Media Audio files containing
malicious code to be introduced into a user's PC, allowing an attacker to
run damaging code on that machine, according to a security company.
http://computerworld.com/newsletter/0%2C4902%2C76935%2C0.html?nlid=SEC
Audio files figure in latest Microsoft vulnerability
By Laura Rohde, IDG News Service
DECEMBER 19, 2002
Two security alerts were issued yesterday concerning vulnerabilities in
Nullsoft Inc.'s Winamp music player and Microsoft Corp.'s Windows XP
operating system that can be exploited using corrupt audio files.
The flaws allow MP3 or Windows Media Audio (WMA) files containing malicious
code to be introduced into a user's PC, allowing an attacker to run
damaging code on that machine, according to security company Foundstone
Inc. in Mission Viejo, Calif. The corrupt files would sound identical to
unmodified music files, the company said.
The buffer overflow security vulnerability in Windows XP can cause the
operating system to run suspect code when its file-browsing application,
Windows Explorer, plays a music file. The vulnerability lies in the Windows
shell, and Microsoft's Windows Media Player isn't affected by the problem,
Microsoft said in Security Bulletin MS02-072, posted on its Web site. It
characterized the problem as "critical" and issued a patch, which can also
be found on its Web site.
An unchecked buffer allows an attacker to send a program more data than
the buffer was sized to hold. Once the buffer is overrun, the machine
becomes vulnerable to just about any code or instructions sent to it by
an attacker.
The attacker could create corrupted MP3 or WMA files and host them on a Web
site or on some other shared network, or send them to a victim via an HTML
e-mail, Microsoft said. A user could launch the malicious code simply by
moving a mouse pointer over the icon for the file on a Web page or on a
local disk, Microsoft warned. Opening a shared folder where the file is
stored, as well as opening or previewing a contaminated e-mail, can also
set off the problem.
Winamp has a similar flaw, affecting Versions 2.81 and 3.0 of its Winamp
player, which allows code to run when certain multimedia tags in MP3 and
WMA files are loaded with too much data. Specifically, the Winamp 2.81
overflow problem is with the handling of the Artist ID3v2 tag upon
immediate loading of an MP3 file, while two Winamp 3.0 overflows are
present in Media Library's handling of the Artist and Album ID3v2 tags,
Foundstone said.
Foundstone has alerted Nullsoft to the problem, and Nullsoft has released
fixed versions of Winamp 2.81 and Winamp 3.0, which can be found on its Web
site at www.winamp.com.
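
As an added illustration (not code from Foundstone, Nullsoft or the article), here is the kind of length check whose absence the Winamp advisory describes: a C routine that copies an ID3v2.3 text frame such as Artist (TPE1) or Album (TALB) into a fixed buffer and rejects oversized or inconsistent lengths. The function names, return codes, 64-byte buffer and sample tag are assumptions constructed for the example; it handles only ID3v2.3 tags with no header flags set.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { TAG_OK = 0, TAG_ABSENT = -1, TAG_MALFORMED = -2, TAG_TOO_LONG = -3 };
/* Copy the text of ID3v2.3 frame `id` ("TPE1" artist, "TALB" album) into out[cap]. */
int id3v23_text(const uint8_t *buf, size_t len, const char *id, char *out, size_t cap) {
    if (cap == 0) return TAG_MALFORMED;
    out[0] = '\0';
    if (len < 10 || memcmp(buf, "ID3", 3) != 0 || buf[3] != 3) return TAG_ABSENT;
    if (buf[5] != 0) return TAG_MALFORMED;   /* unsync/extended header: not handled here */
    if ((buf[6] | buf[7] | buf[8] | buf[9]) & 0x80) return TAG_MALFORMED; /* not syncsafe */
    size_t tag = ((size_t)buf[6] << 21) | ((size_t)buf[7] << 14) | ((size_t)buf[8] << 7) | buf[9];
    if (tag > len - 10) return TAG_MALFORMED;          /* tag claims more than the file holds */
    size_t pos = 10, end = 10 + tag;
    while (end - pos >= 10 && buf[pos] != 0) {         /* a 0x00 byte starts the padding */
        const uint8_t *f = buf + pos;
        size_t fsz = ((size_t)f[4] << 24) | ((size_t)f[5] << 16) | ((size_t)f[6] << 8) | f[7];
        if (fsz > end - pos - 10) return TAG_MALFORMED; /* frame overruns the tag */
        if (memcmp(f, id, 4) == 0) {
            if (fsz < 1) return TAG_MALFORMED;         /* text frame needs an encoding byte */
            size_t n = fsz - 1;                        /* text length without encoding byte */
            if (n >= cap) return TAG_TOO_LONG;         /* reject instead of overflowing out[] */
            memcpy(out, f + 11, n);
            out[n] = '\0';
            return TAG_OK;
        }
        pos += 10 + fsz;
    }
    return TAG_ABSENT;
}

/* Constructed sample: an ID3v2.3 tag with one TPE1 frame holding n bytes of 'A'. */
size_t make_sample(uint8_t *dst, size_t n) {
    size_t fsz = n + 1, tag = 10 + fsz;
    memcpy(dst, "ID3\x03\x00\x00", 6);                 /* magic, version 2.3.0, no flags */
    for (int i = 0; i < 4; i++) dst[6 + i] = (uint8_t)((tag >> (7 * (3 - i))) & 0x7f);
    memcpy(dst + 10, "TPE1", 4);
    for (int i = 0; i < 4; i++) dst[14 + i] = (uint8_t)(fsz >> (8 * (3 - i)));
    dst[18] = dst[19] = dst[20] = 0;                   /* frame flags, encoding 0 = ISO-8859-1 */
    memset(dst + 21, 'A', n);
    return 10 + tag;                                   /* total bytes written */
}

int main(void) {
    uint8_t file[600]; char artist[64];
    size_t len = make_sample(file, 500);               /* 500-byte artist vs. 64-byte buffer */
    printf("result: %d\n", id3v23_text(file, len, "TPE1", artist, sizeof artist));
    return 0;
}
```
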