[adaptech] this isn't junk!please read!

  • From: "Shane C.A. Lush" <sca.lush@xxxxxxxxxxxx>
  • To: <adaptech@xxxxxxxxxxxxx>, "Adam Macleod" <adam20@xxxxxxxxxx>
  • Date: Thu, 26 Dec 2002 11:28:30 -0500

hello to all!
in case you haven't heard, the following was received via the winamp for the
blind list.
thank you so much
shane
----- Original Message -----
From: "Aman Singer" <aman@xxxxxxxxxxx>
To: <winamp4theblind@xxxxxxxxxxxxxxx>
Sent: Thursday, December 26, 2002 11:23 AM
Subject: Winamp 2.81 is vulnerable to attack by MP3s


> Hi, All.
> I got this from the PC-audio list, and it's something which I think may be
> important to those of us who use winamp 2.81.
> Aman
>
>
> -----Original Message-----
> From: Julie M. [mailto:jewelsong21@xxxxxxx]
> Sent: Thursday, December 26, 2002 10:48 AM
> Subject: Wired News Beware the Latest MP3 Worms
>
>
> Wired News: Beware the Latest MP3 Worms
>
> By Michelle Delio
>
> 04:30 PM Dec. 18, 2002 PT
>
> Music file swappers may unknowingly be sharing their computers as well as
> their favorite tunes.
>
> Two new security vulnerabilities, disclosed late Wednesday, allow an
> attacker to completely take over a computer system by using malicious
> music files.
>
> The first vulnerability is present in the Microsoft Windows XP operating
> system. This vulnerability can be exploited when a user simply lets the
> cursor hover over the file icon for the malicious MP3, or opens a folder
> where the file is stored.
>
> The second is found in Nullsoft's Winamp, a popular Windows media jukebox
> player.
>
> Both vulnerabilities were discovered by security firm Foundstone, and
> fixes were immediately available. However, some users reported they were
> having difficulties locating the Winamp fix.
>
> "The ubiquity of file-swapping services makes it the perfect attack vector
> for a malicious MP3 file," Foundstone CEO George Kurtz said. "That is why
> it is imperative to patch your systems immediately."
>
> The Windows XP vulnerability, which Microsoft calls "Unchecked Buffer in
> Windows Shell Could Enable System Compromise," can be exploited through an
> MP3 or WMA audio file.
>
> The malicious audio file can be placed on a website, sent in an e-mail or
> stored on a shared network drive.
>
> Users do not need to click on, load or play the audio file to compromise
> their computers. If a user simply holds the mouse pointer over the icon
> for the malicious file, or opens the folder where the file is stored, the
> vulnerable code is activated, Kurtz said.
>
> Once the malicious file's code has been activated, an attacker can gain
> complete remote control over the affected system, including creating,
> modifying or deleting data, reconfiguring the system, reformatting the
> hard drive or running programs of the attacker's choice.
>
> Microsoft advised all users of Microsoft Windows XP to apply the patch
> immediately.
>
> Microsoft has rated the Windows Shell vulnerability as "critical" under
> the company's new security rating system, which was instituted last month.
> Exploits ranked critical are particularly worrisome, as this ranking
> indicates an "automatic" vulnerability, one that can be activated without
> a user taking any action, such as clicking on an e-mail attachment.
>
> The second vulnerability affects users of Winamp, a popular media jukebox
> player for Windows. Again, a malicious MP3 file allows an attacker to take
> control over an affected system.
>
> The vulnerability is exploited using a long artist ID3v2 tag. If an MP3
> with a malformed tag is loaded in Winamp version 2.81, a remote attacker
> can take over the system.
>
> Foundstone also discovered a similar problem in Winamp 3.0. An attacker
> can create a malicious MP3 file with malformed ID3v2 tags which, when
> loaded on the Media Library window, can compromise the computer and allow
> for remote code execution.
>
> Nullsoft has released fixed versions of Winamp 2.81 and Winamp 3.0. But as
> of late Wednesday, Nullsoft did not have an alert on its website advising
> users of the need to download the fixed versions.
>
> Foundstone's alert advises Winamp 2.81 users to upgrade to Winamp 3.0 or
> re-download Winamp 2.81; the version now on Nullsoft's website has been
> fixed.
>
> Users of Winamp 3.0 build No. 488 (built Dec. 15) are safe, but users of
> all other versions of Winamp 3.0 need to re-download the now-fixed version
> of Winamp 3.0. Users can find version information in the About Winamp3
> dialog box.
>
>
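
The forwarded article attributes the Winamp issue to a long artist ID3v2 tag and to malformed ID3v2 tags. The following is an added example, not part of the article or of any post in this thread: a defensive check that walks the ID3v2.3/2.4 frames at the start of a file and reports over-long text frames (the artist frame is `TPE1`) and frame sizes that overrun the tag. The 256-byte limit and the helper names are assumptions; the article gives no length figure.

```python
import re
import struct

MAX_TEXT_FRAME = 256  # assumed policy limit in bytes; the article gives no figure

def synchsafe(b):
    """Decode a 4-byte synchsafe integer (7 payload bits per byte)."""
    return (b[0] << 21) | (b[1] << 14) | (b[2] << 7) | b[3]

def audit_id3v2(data, limit=MAX_TEXT_FRAME):
    """Return findings for an ID3v2.3/2.4 tag at the start of `data`."""
    if len(data) < 10 or data[:3] != b"ID3":
        return []  # no ID3v2 tag to inspect
    major, flags = data[3], data[5]
    if major not in (3, 4):
        return [f"unsupported ID3v2 major version {major}"]
    if flags & 0xC0:
        return ["unsynchronisation or extended header set; frames not parsed"]
    if any(b & 0x80 for b in data[6:10]):
        return ["tag size field is not synchsafe"]
    findings, tag_end = [], 10 + synchsafe(data[6:10])
    if tag_end > len(data):
        findings.append("declared tag size exceeds file length")
        tag_end = len(data)
    pos = 10
    while pos + 10 <= tag_end:
        frame_id, raw = data[pos:pos + 4], data[pos + 4:pos + 8]
        if frame_id == b"\x00" * 4:
            break  # padding after the last frame
        if not re.fullmatch(rb"[A-Z0-9]{4}", frame_id):
            findings.append(f"invalid frame ID at offset {pos}")
            break
        name = frame_id.decode("ascii")
        # v2.4 frame sizes are synchsafe; v2.3 uses a plain big-endian integer
        size = synchsafe(raw) if major == 4 else struct.unpack(">I", raw)[0]
        if pos + 10 + size > tag_end:
            findings.append(f"{name}: frame size {size} overruns tag")
            break
        if name.startswith("T") and size > limit:
            findings.append(f"{name}: text frame of {size} bytes exceeds limit {limit}")
        pos += 10 + size
    return findings

def build_tag(frames):
    """Build a constructed ID3v2.3 tag from (frame_id, payload) pairs for testing."""
    body = b"".join(f + struct.pack(">I", len(p)) + b"\x00\x00" + p for f, p in frames)
    n = len(body)
    size = bytes([(n >> 21) & 0x7F, (n >> 14) & 0x7F, (n >> 7) & 0x7F, n & 0x7F])
    return b"ID3\x03\x00\x00" + size + body
```

Calling `audit_id3v2(open(path, "rb").read())` on each file in a download folder gives a list of findings per file; an empty list means no tag or nothing flagged.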

