NuTs62
12-22-2002, 03:58 AM
http://www.internetwk.com/breakingNews/INW20021220S0003
Vulnerability Found In MP3, Windows Media Files
By Mitch Wagner
Security experts warned of vulnerability in MP3 and Windows Media files that can be activated simply by a user hovering his mouse over an infected file. The vulnerability could allow attackers to take over a user's PC.
The flaw in Windows XP can force the operating system to run code when a music file is played by Windows Explorer, the operating system's file-browsing application. Hovering the mouse pointer over a file will open a preview of it and trigger the file's payload if it has one. The vulnerability does not affect Windows Media Player, Microsoft said.
The popular Nullsoft Winamp free media player is also vulnerable.
Further information and patches to Windows and Winamp are available in several places on the Web: the Computer Emergency Response Team/Coordination Center (CERT/CC) at Carnegie Mellon University; Foundstone, with advisories for both Windows XP and Winamp; Microsoft; and Nullsoft, which has an update to Winamp.
Vulnerability Found In MP3, Windows Media Files
By Mitch Wagner
Security experts warned of vulnerability in MP3 and Windows Media files that can be activated simply by a user hovering his mouse over an infected file. The vulnerability could allow attackers to take over a user's PC.
The flaw in Windows XP can force the operating system to run code when a music file is played by Windows Explorer, the operating system's file-browsing application. Hovering the mouse pointer over a file will open a preview of it and trigger the file's payload if it has one. The vulnerability does not affect Windows Media Player, Microsoft said.
The popular Nullsoft Winamp free media player is also vulnerable.
Further information and patches to Windows and Winamp are available in several places on the Web: the Computer Emergency Response Team/Coordination Center (CERT/CC) at Carnegie Mellon University; Foundstone, with advisories for both Windows XP and Winamp; Microsoft; and Nullsoft, which has an update to Winamp.