Audio files figure in latest Microsoft vulnerability

Two security alerts were issued Wednesday concerning vulnerabilities in Nullsoft Inc.'s WinAmp music player and Microsoft Corp.'s Windows XP operating system that can be exploited using corrupt audio files.

The flaws allow MP3 or Windows Media files containing malicious code to be introduced into a user's PC, allowing an attacker to run damaging code on that machine, according to security company Foundstone Inc., in Mission Viejo, California. The corrupt files would sound identical to unmodified music files, the company said.

The buffer overflow security vulnerability in Windows XP can cause the operating system to run suspect code when its file-browsing application, Windows Explorer, plays a music file. The vulnerability lies in the Windows Shell, and Microsoft's Windows Media Player is not affected by the problem, Microsoft said in an advisory posted on its Web site. It characterized the problem as "critical" and issued a patch which can be found at http://www.microsoft.com/technet/security/bulletin/ms02-072.asp.

An unchecked buffer allows an attacker to overwhelm a computer by sending it more information than the program can handle. Once overwhelmed, the machine becomes vulnerable to just about any code or instructions sent to it by an attacker.

The attacker could create corrupted MP3 or WMA files and host them on a Web site or on some other shared network, or send them to a victim via an HTML (hypertext markup language) e-mail, Microsoft said. A user could launch the malicious code simply by moving a mouse pointer over the icon for the file on a Web page or on a local disk, the Redmond, Washington, company warned. Opening a shared folder where the file is stored, as well as opening or previewing a contaminated e-mail, can also set off the problem.

WinAmp has a similar flaw, affecting versions 2.81 and 3.0 of its WinAmp player, that allows code to run when certain multimedia tags in MP3 and WMA files are loaded with too much data. Specifically, the WinAmp 2.81 overflow problem is with the handling of the Artist ID3v2 tag upon immediate loading of an MP3 file, while two Winamp 3.0 overflows are present in Media Library's handling of the Artist and Album ID3v2 tags, Foundstone said.

Foundstone has alerted Nullsoft to the problem and Nullsoft has released fixed versions of Winamp 2.81 and Winamp 3.0, which can be found on its Web site at http://www.winamp.com.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Laura Rohde

PC World
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?