hello to all!
in case you haven't heard, the following was received via the winamp for the blind list.
thank you so much shane

----- Original Message -----
From: "Aman Singer" <aman@xxxxxxxxxxx>
To: <winamp4theblind@xxxxxxxxxxxxxxx>
Sent: Thursday, December 26, 2002 11:23 AM
Subject: Winamp 2.81 is vulnerable to attack by MP3s

> Hi, All.
> I got this from the PC-audio list, and it's something which I think may be
> important to those of us who use winamp 2.81.
> Aman
>
>
> -----Original Message-----
> From: Julie M. [mailto:jewelsong21@xxxxxxx]
> Sent: Thursday, December 26, 2002 10:48 AM
> Subject: Wired News Beware the Latest MP3 Worms
>
>
> Wired News: Beware the Latest MP3 Worms
>
> By Michelle Delio
>
> 04:30 PM Dec. 18, 2002 PT
>
> Music file swappers may unknowingly be sharing their computers as well as
> their favorite tunes.
>
> Two new security vulnerabilities, disclosed late Wednesday, allow an
> attacker to completely take over a computer system by using malicious music
> files.
> The first vulnerability is present in the Microsoft Windows XP operating
> system. This vulnerability can be exploited when a user simply lets the
> cursor hover over the file icon for the malicious MP3, or opens a folder
> where the file is stored.
>
> The second is found in Nullsoft's Winamp, a popular Windows media jukebox
> player.
>
> Both vulnerabilities were discovered by security firm Foundstone, and fixes
> were immediately available. However, some users reported they were having
> difficulties locating the Winamp fix.
>
> "The ubiquity of file-swapping services makes it the perfect attack vector
> for a malicious MP3 file," Foundstone CEO George Kurtz said. "That is why it
> is imperative to patch your systems immediately."
>
> The Windows XP vulnerability, which Microsoft calls "Unchecked Buffer in
> Windows Shell Could Enable System Compromise," can be exploited through an
> MP3 or WMA audio file.
>
> The malicious audio file can be placed on a website, sent in an e-mail or
> stored on a shared network drive.
>
> Users do not need to click on, load or play the audio file to compromise
> their computers. If a user simply holds the mouse pointer over the icon for
> the malicious file, or opens the folder where the file is stored, the
> vulnerable code is activated, Kurtz said.
>
> Once the malicious file's code has been activated, an attacker can gain
> complete remote control over the affected system, including creating,
> modifying or deleting data, reconfiguring the system, reformatting the hard
> drive or running programs of the attacker's choice.
>
> Microsoft advised all users of Microsoft Windows XP to apply the patch
> immediately.
>
> Microsoft has rated the Windows Shell vulnerability as "critical" under the
> company's new security rating system, which was instituted last month.
> Exploits ranked critical are particularly worrisome, as this ranking
> indicates an "automatic" vulnerability, one that can be activated without a
> user taking any action, such as clicking on an e-mail attachment.
>
> The second vulnerability affects users of Winamp, a popular media jukebox
> player for Windows. Again, a malicious MP3 file allows an attacker to take
> control over an affected system.
>
> The vulnerability is exploited using a long artist ID3v2 tag. If an MP3 with
> a malformed tag is loaded in Winamp version 2.81, a remote attacker can take
> over the system.
>
> Foundstone also discovered a similar problem in Winamp 3.0. An attacker can
> create a malicious MP3 file with malformed ID3v2 tags which, when loaded on
> the Media Library window, can compromise the computer and allow for remote
> code execution.
>
> Nullsoft has released fixed versions of Winamp 2.81 and Winamp 3.0. But as
> of late Wednesday, Nullsoft did not have an alert on its website advising
> users of the need to download the fixed versions.
>
> Foundstone's alert advises Winamp 2.81 users to upgrade to Winamp 3.0 or
> re-download Winamp 2.81; the version now on Nullsoft's website has been
> fixed.
>
> Users of Winamp 3.0 build No. 488 (built Dec. 15) are safe, but users of all
> other versions of Winamp 3.0 need to re-download the now-fixed version of
> Winamp 3.0. Users can find version information in the About Winamp3 dialog
> box.