To reduce the database size and server load, all articles from 2004 or earlier are archived here.
- December 2004 (52)
- November 2004 (33)
- October 2004 (54)
- September 2004 (43)
- August 2004 (41)
- July 2004 (57)
- June 2004 (82)
- May 2004 (53)
- April 2004 (45)
- March 2004 (49)
- February 2004 (40)
- January 2004 (46)
- December 2003 (44)
- November 2003 (48)
- October 2003 (57)
- September 2003 (45)
- August 2003 (54)
- July 2003 (62)
- June 2003 (46)
- May 2003 (47)
- April 2003 (51)
- March 2003 (63)
- February 2003 (69)
- January 2003 (72)
- December 2002 (63)
- November 2002 (70)
- October 2002 (72)
- September 2002 (73)
- August 2002 (41)
- July 2002 (39)
- June 2002 (19)
- May 2002 (3)
- April 2002 (1)
Mon, 23 Dec 2002
MP3 & Windows Media File vulnerability found
Security experts are warning of a vulnerability in MP3 and Windows Media files that can be activated simply by a user hovering a mouse over an infected file. The vulnerability could let attackers take over a user's PC.
Note that this doesn't seem to affect Macs.
The flaw in Windows XP can force the operating system to run code when a music file is played by Windows Explorer, the operating system's file-browsing application. Hovering the mouse pointer over a file will open a preview of it and trigger the file's payload, if it has one. The vulnerability doesn't affect Windows Media Player, Microsoft says.
The popular Nullsoft Winamp free media player is also vulnerable.
Further information and patches to Windows and Winamp are available in several places on the Web: the CERT Coordination Center at Carnegie Mellon University; Foundstone, with advisories for both Windows XP and Winamp; Microsoft; and Nullsoft, which has an update to Winamp.
To stay updated on this story, visit InformationWeek.