Malicious MP3s? MS and WinAmp Flaws Found.

By Richard Menta 12/19/02

Every several months a warning circulates about an MP3 virus that will destroy the computer contents of anyone who plays a corrupted MP3 file. The truth is that MP3s are not executable files and therefore cannot become viruses.

But new intrusion techniques come along all the time, and if a particular music file cannot do direct damage as a virus, it might still be able to exploit the program that plays it and take control through the player. That is what security company Foundstone is announcing.

Yesterday Foundstone CEO George Kurtz announced that flaws in two popular music players could allow a modified MP3 or WMA file to take possession of an individual's PC.

Both Windows XP's music player and WinAmp are vulnerable to buffer overflow attacks. As stated in Foundstone's press release:

"An attacker could create a malicious MP3 or WMA file, that if placed in an accessed folder on a Windows XP system, would compromise the system and allow for remote code execution. The MP3 does not need to be played, it simply needs to be stored in a folder that is browsed to…this vulnerability is also exploitable via Internet Explorer by loading a malicious web site. A Windows XP user visiting the site using Internet Explorer would be remotely compromised without any warning or download of files regardless of Internet Explorer security settings".

According to Kurtz, "These particular vulnerabilities are definitely attack vectors for any people or entity that is looking to go after those that are taking part in file-swapping activities."

This brings to mind the notorious Berman bill, which would allow the content industry to legally hack into the computers of individuals. The bill itself has been pulled for retooling, but should it ever see the light of day, this is the type of vulnerability that the likes of the Recording Industry Association of America (RIAA) could exploit in their quest to stem the course of file trading.

Foundstone has notified both companies, which have developed patches for the vulnerabilities and posted them on their sites. Foundstone's warning has further details on the Windows Media Player and WinAmp flaws.


