[Am-info] Microsoft flaws could hit music traders

Mitch Stone mitch@accidentalexpert.com
Thu, 19 Dec 2002 08:55:03 -0800 

If we tried to discuss every security issue with Microsoft software, 
we'd have a new topic every five days or so -- but this one does seem 
different. It appears (at first blush, at least) to be deliberate.

--------

Microsoft flaws could hit music traders

By Robert Lemos
Staff Writer, CNET News.com
December 18, 2002, 5:12 PM PT

A security firm on Wednesday warned that people using Windows XP or 
popular music player WinAmp could fall prey to a vulnerability, 
enabling a modified music file to take control of a person's PC.

Flaws in both pieces of software could introduce malicious MP3 or 
Windows Media files--which sound identical to unmodified music--into 
the file-swapping systems, said George Kurtz, CEO of Foundstone.

"These particular vulnerabilities are definitely attack vectors for any 
people or entity that is looking to go after those that are taking part 
in file-swapping activities," he said.

The music industry and Hollywood are eyeing such hacking tactics as a 
way to stop file swappers from trading copyrighted music in the future. 
A bill sponsored by Rep. Howard Berman, D-Calif., and Howard Coble, 
R-N.C., and introduced into the U.S. House of Representatives in July, 
would allow copyright owners limited rights to hack into peer-to-peer 
networks.

Such attacks could take advantage of flaws similar to the two found by 
Mission Viejo, Calif.-based Foundstone.

The flaw in Windows XP can force the operating system to run code when 
a music file is played by Windows Explorer, the operating system's 
file-browsing application. Even placing the mouse pointer over a file 
icon--opening a preview of the file--could trigger the file's payload, 
if it has one. The vulnerability does not affect the Windows Media 
Player, according to details posted by Microsoft in its advisory.

The vulnerability occurs because certain attributes of the files can be 
loaded with bad data that affect the amount of memory that Microsoft's 
Windows allocates for the information. Known as a buffer overflow, such 
problems are a common software security problem.

People who use NullSoft's popular WinAmp software also have to watch 
out, said Foundstone's Kurtz. WinAmp has a similar flaw that allows 
code to run when certain multimedia tags in MP3 and WMA files are 
loaded with too much data. Kurtz said that the company has notified 
NullSoft and has a patch prepared. A representative for the software 
maker couldn't be reached for comment.

This is the second time in recent months that Microsoft has had a 
problem with a common multimedia format. In November, the company 
warned that its operating system's mishandling of the PNG (portable 
network graphics) image format could allow a malicious program to 
compromise a person's computer. Microsoft later upgraded the severity 
of that vulnerability to "critical."

Other multimedia formats are also becoming targets for Internet 
attacks. Web software maker Macromedia warned last week that a flaw in 
its Shockwave Flash Player, a popular browser plug-in for animating Web 
graphics, could leave Internet users open to attack.

The patch for Windows XP is available through Microsoft's Windows 
Update service. The newest version of NullSoft's WinAmp is available on 
the company's WinAmp site.