[ISN] Music file flaws could threaten traders

From: InfoSec News (isnat_private)
Date: Thu Dec 19 2002 - 00:58:08 PST

  • Next message: InfoSec News: "[ISN] One Man's Info War on al-Qaida"

    By Robert Lemos 
    Staff Writer, CNET News.com
    December 18, 2002, 5:12 PM PT
    A security firm on Wednesday warned that people using Windows XP or
    popular music player WinAmp could fall prey to a vulnerability,
    enabling a modified music file to take control of a person's PC.
    Flaws in both pieces of software could introduce malicious MP3 or
    Windows Media files--which sound identical to unmodified music--into
    the file-swapping systems, said George Kurtz, CEO of Foundstone.
    "These particular vulnerabilities are definitely attack vectors for
    any people or entity that is looking to go after those that are taking
    part in file-swapping activities," he said.
    The music industry and Hollywood are eyeing such hacking tactics as a
    way to stop file swappers from trading copyrighted music in the
    future. A bill sponsored by Rep. Howard Berman, D-Calif., and Howard
    Coble, R-N.C., and introduced into the U.S. House of Representatives
    in July, would allow copyright owners limited rights to hack into
    peer-to-peer networks.
    Such attacks could take advantage of flaws similar to the two found by
    Mission Viejo, Calif.-based Foundstone.
    The flaw in Windows XP can force the operating system to run code when
    a music file is played by Windows Explorer, the operating system's
    file-browsing application. Even placing the mouse pointer over a file
    icon--opening a preview of the file--could trigger the file's payload,
    if it has one. The vulnerability does not affect the Windows Media
    Player, according to details posted by Microsoft in its advisory.
    The vulnerability occurs because certain attributes of the files can
    be loaded with bad data that affect the amount of memory that
    Microsoft's Windows allocates for the information. Known as a buffer
    overflow, such problems are a common software security problem.
    People who use NullSoft's popular WinAmp software also have to watch
    out, said Foundstone's Kurtz. WinAmp has a similar flaw that allows
    code to run when certain multimedia tags in MP3 and WMA files are
    loaded with too much data. Kurtz said that the company has notified
    NullSoft and has a patch prepared. A representative for the software
    maker couldn't be reached for comment.
    This is the second time in recent months that Microsoft has had a
    problem with a common multimedia format. In November, the company
    warned that its operating system's mishandling of the PNG (portable
    network graphics) image format could allow a malicious program to
    compromise a person's computer. Microsoft later upgraded the severity
    of that vulnerability to "critical."
    Other multimedia formats are also becoming targets for Internet
    attacks. Web software maker Macromedia warned last week that a flaw in
    its Shockwave Flash Player, a popular browser plug-in for animating
    Web graphics, could leave Internet users open to attack.
    The patch for Windows XP is available through Microsoft's Windows
    Update service. The newest version of NullSoft's WinAmp is available
    on the company's WinAmp site.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Thu Dec 19 2002 - 19:34:44 PST