Security experts are warning of a vulnerability in MP3 and Windows Media files that can be activated simply by a user hovering a mouse over an infected file. The vulnerability could let attackers take over a user's PC.
The flaw in Windows XP can force the operating system to run code when a music file is played by Windows Explorer, the operating system's file-browsing application. Hovering the mouse pointer over a file will open a preview of it and trigger the file's payload, if it has one. The vulnerability doesn't affect Windows Media Player, Microsoft says.
The popular Nullsoft Winamp free media player is also vulnerable.
Further information and patches to Windows and Winamp are available in several places on the Web: the CERT Coordination Center at Carnegie Mellon University; Foundstone, with advisories for both Windows XP and Winamp; Microsoft; and Nullsoft, which has an update to Winamp.