-G
Thanks to a newly found flaw in Windows XP, two of the most popular audio file formats can be used by crackers to take control of remote PCs. Users only need to hover their mouse pointers over the icons for malicious MP3 or Windows Media files to execute the attacker's code, Microsoft Corp. said in a bulletin published Wednesday.
The vulnerability lies in the Windows Shell, which is the portion of the operating system responsible for defining the user's desktop as well as organizing files and folders and enabling the OS to start applications. An unchecked buffer in a function used by the shell to extract custom attribute data from audio files enables an attacker to create a malicious MP3 or Windows Media file and use it to run code on a remote user's machine.
MP3 files are traded and shared by the millions on sites and peer-to-peer networks all over the Internet. Users commonly download and play files posted by people they've never met, and there is essentially no practical way of verifying the content of these files to ensure that they're not corrupted. The Windows Media format is somewhat less popular than the MP3 format, but is still quite prevalent online.
To exploit the vulnerability, an attacker can do one of three things: host the malicious file on a Web site or on a network share or send it to a user in an HTML mail message. If a user hovered the mouse pointer over the file or the folder containing the file--on a Web page or on the local disk--the code would execute. A user would need to open or preview a mail message containing the code to execute it in the e-mail attack scenario.
Users Peeved at Microsoft Security Effort
A successful attack would either cause the Windows Shell to fail or would run the attacker's code on the user's machine.
The vulnerability is found in Windows XP Home Edition, XP Pro, XP Tablet PC Edition and XP Media Center Edition. The patch for the vulnerability is located here.
Windows XP Home Edition, XP Pro, XP Tablet users: READ NOW!
-
- Respected Artist
- Posts: 849
- https://www.artistsworkshop.eu/meble-kuchenne-na-wymiar-warszawa-gdzie-zamowic/
- Joined: Sat Jun 08, 2002 7:04 am
- Location: Australia
- Has thanked: 0
- Been thanked: 0
Windows XP Home Edition, XP Pro, XP Tablet users: READ NOW!
Telling you what you need to know before you know you need to know it.
-
- Janitor 2nd Class
- Posts: 9018
- Joined: Wed Oct 17, 2001 7:44 pm
- Location: Chesapeake, Ohio
- Has thanked: 0
- Been thanked: 0
-
- Psychotic DCEmu
- Posts: 602
- Joined: Sat Nov 30, 2002 8:34 am
- Has thanked: 0
- Been thanked: 0
- Contact:
- az_bont
- Administrator
- Posts: 13567
- Joined: Sat Mar 09, 2002 8:35 am
- Location: Swansea, Wales
- Has thanked: 0
- Been thanked: 0
- Contact:
kaze wrote:i wonder why it doesnt affect pro
Microsoft wrote:The vulnerability is found in Windows XP Home Edition, XP Pro, XP Tablet PC Edition and XP Media Center Edition
Sick of sub-par Dreamcast web browsers that fail to impress? Visit Psilocybin Dreams!
-
- DCEmu Respected
- Posts: 1394
- Joined: Wed Oct 17, 2001 7:44 pm
- Location: .dc//EMU
- Has thanked: 0
- Been thanked: 0
- Contact:
ok so im blind.....az_bont wrote:kaze wrote:i wonder why it doesnt affect proMicrosoft wrote:The vulnerability is found in Windows XP Home Edition, XP Pro, XP Tablet PC Edition and XP Media Center Edition
Current Music:
Himekami - Exceeding Love
Little Viking - Future
Nas - God's Son Adam Freeland - Fear
Ibana - Shell / Half Pain
Himekami - Exceeding Love
Little Viking - Future
Nas - God's Son Adam Freeland - Fear
Ibana - Shell / Half Pain
-
- Soul Sold for DCEmu
- Posts: 4085
- Joined: Wed Oct 17, 2001 7:44 pm
- Location: NYC
- Has thanked: 0
- Been thanked: 0
- Contact:
-
- Moderator
- Posts: 974
- Joined: Fri Aug 16, 2002 7:12 pm
- Location: afghanistan
- Has thanked: 0
- Been thanked: 0
- Contact:
-
- Soul Sold for DCEmu
- Posts: 4085
- Joined: Wed Oct 17, 2001 7:44 pm
- Location: NYC
- Has thanked: 0
- Been thanked: 0
- Contact: