Create an Account
username: password:
 
  MemeStreams Logo

XP Flaw Puts MP3, Windows Media Files at Risk
search
Home Agent Weblogs Social Network Post Help About

Rattle
Picture of Rattle
Rattle's Pics
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Rattle's topics
Arts
  Literature
   Sci-Fi/Fantasy Literature
  Movies
  Music
Business
  Tech Industry
  Telecom Industry
Games
Health and Wellness
Holidays
Miscellaneous
  Humor
  MemeStreams
   Using MemeStreams
Current Events
  War on Terrorism
  Elections
Recreation
  Travel
Local Information
  SF Bay Area
   SF Bay Area News
Science
  Biology
  History
  Nano Tech
  Physics
  Space
Society
  Economics
  Futurism
  International Relations
  Politics and Law
   Civil Liberties
    Internet Civil Liberties
    Surveillance
   Intellectual Property
  Media
   Blogging
  Military
  Security
Sports
Technology
  Biotechnology
  Computers
   Computer Security
    Cryptography
   Cyber-Culture
   PC Hardware
   Computer Networking
   Macintosh
   Linux
   Software Development
    Open Source Development
    Perl Programming
    PHP Programming
   Spam
   Web Design
  Military Technology
  High Tech Developments

support us

Get MemeStreams Stuff!


 
XP Flaw Puts MP3, Windows Media Files at Risk
Topic: Computers 4:11 pm EST, Dec 19, 2002

] "Thanks to a newly found flaw in Windows XP, two of the
] most popular audio file formats can be used by crackers
] to take control of remote PCs. Users only need to hover
] their mouse pointers over the icons for malicious MP3 or
] Windows Media files to execute the attacker's code,
] Microsoft Corp. said in a bulletin published Wednesday.
] The vulnerability lies in the Windows Shell, which is the
] portion of the operating system responsible for defining
] the user's desktop as well as organizing files and
] folders and enabling the OS to start applications. An
] unchecked buffer in a function used by the shell to
] extract custom attribute data from audio files enables an
] attacker to create a malicious MP3 or Windows Media file
] and use it to run code on a remote user's machine. "

Downright scary considering all the talk out of Microsoft about abandoning the traditional filesystem. There is no way in hell its going to be secure. Not with their coding pratices anyway. Trojans using MP3s, PNGs, etc, as vectors.. Completely ridiculous.

I've been _really_ enjoying watching Microsoft shoot themselves in the foot over and over the past year or so. Between the failure of many parts of their .NET product line, the steady flow of security problems like this, and changes in their license structure, its becoming obvious to even the casual consumer and non-hardcore-tech CIOs that Microsoft products cannot be trusted or depended on.

XP Flaw Puts MP3, Windows Media Files at Risk

Thread [2] - Reply


  
 
Powered By Industrial Memetics		RSS2.0