Vulnerability Found In MP3 And Windows Media Files

Flaw can let an attacker take over a user's PC if the user lets mouse hover over an infected file.

InformationWeek Staff, Contributor

December 20, 2002

1 Min Read
InformationWeek logo in a gray background | InformationWeek

Security experts are warning of a vulnerability in MP3 and Windows Media files that can be activated simply by a user hovering a mouse over an infected file. The vulnerability could let attackers take over a user's PC.

The flaw in Windows XP can force the operating system to run code when a music file is played by Windows Explorer, the operating system's file-browsing application. Hovering the mouse pointer over a file will open a preview of it and trigger the file's payload, if it has one. The vulnerability doesn't affect Windows Media Player, Microsoft says.

The popular Nullsoft Winamp free media player is also vulnerable.

Further information and patches to Windows and Winamp are available in several places on the Web: the CERT Coordination Center at Carnegie Mellon University; Foundstone, with advisories for both Windows XP and Winamp; Microsoft; and Nullsoft, which has an update to Winamp.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights