Create an Account
username: password:
 
  MemeStreams Logo

MemeStreams Discussion

search


This page contains all of the posts and discussion on MemeStreams referencing the following web page: XP Flaw Puts MP3, Windows Media Files at Risk. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.

XP Flaw Puts MP3, Windows Media Files at Risk
by w1ld at 2:18 pm EST, Dec 19, 2002

] "Thanks to a newly found flaw in Windows XP, two of the
] most popular audio file formats can be used by crackers
] to take control of remote PCs. Users only need to hover
] their mouse pointers over the icons for malicious MP3 or
] Windows Media files to execute the attacker's code,
] Microsoft Corp. said in a bulletin published Wednesday.
] The vulnerability lies in the Windows Shell, which is the
] portion of the operating system responsible for defining
] the user's desktop as well as organizing files and
] folders and enabling the OS to start applications. An
] unchecked buffer in a function used by the shell to
] extract custom attribute data from audio files enables an
] attacker to create a malicious MP3 or Windows Media file
] and use it to run code on a remote user's machine. "

Man that just awesome.


XP Flaw Puts MP3, Windows Media Files at Risk
by Rattle at 4:11 pm EST, Dec 19, 2002

] "Thanks to a newly found flaw in Windows XP, two of the
] most popular audio file formats can be used by crackers
] to take control of remote PCs. Users only need to hover
] their mouse pointers over the icons for malicious MP3 or
] Windows Media files to execute the attacker's code,
] Microsoft Corp. said in a bulletin published Wednesday.
] The vulnerability lies in the Windows Shell, which is the
] portion of the operating system responsible for defining
] the user's desktop as well as organizing files and
] folders and enabling the OS to start applications. An
] unchecked buffer in a function used by the shell to
] extract custom attribute data from audio files enables an
] attacker to create a malicious MP3 or Windows Media file
] and use it to run code on a remote user's machine. "

Downright scary considering all the talk out of Microsoft about abandoning the traditional filesystem. There is no way in hell its going to be secure. Not with their coding pratices anyway. Trojans using MP3s, PNGs, etc, as vectors.. Completely ridiculous.

I've been _really_ enjoying watching Microsoft shoot themselves in the foot over and over the past year or so. Between the failure of many parts of their .NET product line, the steady flow of security problems like this, and changes in their license structure, its becoming obvious to even the casual consumer and non-hardcore-tech CIOs that Microsoft products cannot be trusted or depended on.


 
 
Powered By Industrial Memetics