Wilders Security Forums  

#1
February 26th, 2002, 06:08 PM
javacool
BrightFort Moderator

Join Date: Feb 2002
Posts: 3,879
MP3 Files Not Always Safe With Top Media Players

Trying to play any MP3 file you just recently got may bring along a plague of browser ads.

Read more at Newsbytes.com here: http://www.newsbytes.com/news/02/174747.html


Enjoy!
__________________

*Official BrightFort Website*
*SpywareBlaster*

*Please note: I am not responsible if any advice herein causes any trouble whatsoever *
#2
February 26th, 2002, 06:10 PM
javacool
BrightFort Moderator

Join Date: Feb 2002
Posts: 3,879
Re: MP3 Files Not Always Safe With Top Media Playe

Courtesy of NewsBytes.com:

Quote:
MP3 Files Not Always Safe With Top Media Players

By Brian McWilliams, Newsbytes
SEATTLE, WASHINGTON, U.S.A.,
25 Feb 2002, 11:59 AM CST

A quirk in media players from Microsoft and RealNetworks could enable attackers to hijack Web browsers and run scripts on the computers of some MP3 music fans.

The trick has apparently been discovered by pornography sites and spammers, which have been seeding some music file trading services with bogus MP3 music files.

One such MP3 file, ostensibly containing the music of the Los Angeles-based rock group Lifehouse, launched a pornographic video and generated a "massive" amount of pop-up ads when played back on the Windows Media Player from Microsoft, according to one newsgroup report.

Tests by Newsbytes have shown that both the Windows Media Player and the RealOne Player from RealNetworks are susceptible to the attack, which involves creating a special multimedia file in the players' respective proprietary formats, and then renaming that file so that it has a .MP3 extension.

Representatives of Microsoft and RealNetworks were not immediately available for comment.

Because they cannot contain viruses or other malicious code, files in the MP3 format are generally trusted by Internet users, who freely swap such files with strangers over services such as Morpheus, Grokster and Kazaa.

But security experts today said the popular players' handling of multimedia files could open a new door for "malware" writers.

"With this feature, security holes in Internet Explorer are now exploitable from MP3 files," said Richard M. Smith, an Internet consultant and formerly chief technology officer for the Privacy Foundation.

In fact, the booby-trapped MP3s circulating on file swapping services are not MP3s at all, but instead are camouflaged files in the proprietary formats created by Microsoft and RealNetworks.

Both media firms have developed media formats that enable content developers to add hyperlinks and JavaScript code to their audio or video presentations.

In tests by Newsbytes, both companies' media players ignored discrepancies between a file's actual media format and its file name extension.

For example, a special multimedia file created by Newsbytes in Microsoft's proprietary .WMA format played back properly in the Windows Media Player after being renamed with a .MP3 extension. The demonstration launched Web pages in the listener's browser while an audio track played.

Similarly, the RealOne player successfully launched a RealVideo file that had been renamed with a .MP3 extension and vice versa.

According to Thor Larholm, a Danish security researcher, downloaded media files with embedded URLs and scripts are subject to the security features built in to Microsoft's Internet Explorer browser. Since such files are usually treated as local files by IE, they may have additional privileges that allow the files to run hostile ActiveX components and execute commands, he said.

AOL Time Warner's WinAMP media player is not capable of playing such renamed files, nor are any other popular music players that do not support Real's and Microsoft's proprietary formats.

Besides modifying their media players to ascertain whether a file's content matches its file name extension, Smith said Microsoft and RealNetworks could resolve the potential security issues by restricting the ability of music files to execute JavaScript or launch URLs.

In response to a growing threat from malicious HTML e-mail messages, Microsoft has made similar changes to its Outlook e-mail reader, Smith said.

Microsoft's information on embedding URLs in digital media files is available at http://msdn.microsoft.com/library/en-us/dnwmt/html/wmp7_urlflips.asp .

Real's page on synchronized multimedia is http://service.real.com/help/videoccg/synchmm.html.

A demonstration of the issue is at http://www.pc-radio.com/camouflage.html .

Reported by Newsbytes, http://www.newsbytes.com .

11:59 CST
Reposted 12:11 CST

(20020225 /WIRES ONLINE, PC, LEGAL, BUSINESS, TELECOM/HOLE/PHOTO)


© 2001 The Washington Post Company

__________________

*Official BrightFort Website*
*SpywareBlaster*

*Please note: I am not responsible if any advice herein causes any trouble whatsoever *
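
The check Smith suggests in the quoted article (does a file's content match its file name extension?), as an added example that is not part of the original thread or the Newsbytes article. It compares leading bytes against the ASF header GUID, the RealMedia `.RMF` magic and an MPEG audio frame header; the function names and sample file names are assumptions, and the sample contents are constructed.

```python
import os

# Widely documented container signatures for the formats the article names.
ASF_HEADER_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")  # .asf/.wma/.wmv
REALMEDIA_MAGIC = b".RMF"                                            # .rm
EXPECTED = {".mp3": "mp3", ".wma": "asf", ".wmv": "asf", ".asf": "asf", ".rm": "realmedia"}

def is_mpeg_audio_frame(buf, off=0):
    """True if buf[off:] starts with a plausible MPEG audio frame header."""
    if len(buf) < off + 4:
        return False
    b0, b1, b2 = buf[off], buf[off + 1], buf[off + 2]
    return (b0 == 0xFF and (b1 & 0xE0) == 0xE0   # 11-bit frame sync
            and (b1 & 0x18) != 0x08              # MPEG version ID is not reserved
            and (b1 & 0x06) != 0x00              # layer is not reserved
            and (b2 & 0xF0) != 0xF0              # bitrate index is not invalid
            and (b2 & 0x0C) != 0x0C)             # sample-rate index is not reserved

def sniff_media(data):
    """Classify content by its leading bytes, ignoring the file name."""
    if data.startswith(ASF_HEADER_GUID):
        return "asf"
    if data.startswith(REALMEDIA_MAGIC):
        return "realmedia"
    off = 0
    if data.startswith(b"ID3") and len(data) >= 10:
        s = data[6:10]                           # 28-bit synchsafe ID3v2 tag size
        if any(b & 0x80 for b in s):
            return "unknown"
        off = 10 + (s[0] << 21 | s[1] << 14 | s[2] << 7 | s[3]) + (10 if data[5] & 0x10 else 0)
    return "mp3" if is_mpeg_audio_frame(data, off) else "unknown"

def check_extension(filename, data):
    """Return (detected_type, mismatch); unknown content under a known extension is flagged."""
    expected = EXPECTED.get(os.path.splitext(filename)[1].lower())
    detected = sniff_media(data)
    return detected, expected is not None and detected != expected

# Constructed sample contents (not real media files).
MP3_FRAME = bytes([0xFF, 0xFB, 0x90, 0x00]) + bytes(32)
SAMPLES = {
    "track01.mp3": b"ID3\x04\x00\x00\x00\x00\x00\x10" + bytes(16) + MP3_FRAME,
    "track02.mp3": ASF_HEADER_GUID + bytes(14),      # ASF content renamed to .mp3
    "track03.mp3": REALMEDIA_MAGIC + bytes(14),      # RealMedia content renamed to .mp3
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, *check_extension(name, blob))
```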
 
