Virus Guy <Virus@Guy.com> wrote in news:507778FD.E4140DE4@Guy.com:

> "David H. Lipman" wrote:
>
>> >> Is it even possible that when launched from a media-player (such
>> >> as VLC) that there exists a class of avi, mp3, flac (etc) malware
>> >> that can leverage a player vulnerability and cause it to run
>> >> arbitrary code?
>> >
>> > Yes.
>> >
>> > Some specific players could be tricked into visiting a maliciously
>> > formed website embedded in the id3tags.
>> >
>> > The Wimad trojan
>
> So basically these boil down to browser exploits. A URL launched from
> Windoze Media Player is still a browser exploit.
>
> And they're not even exploits - they depend on user action in the
> browser to allow what-ever operation they're trying to accomplish (ie -
> social engineering).
>
> What I'm asking about is a media file that upon playing can cause any
> media player to run arbitrary code WITHOUT NEEDING THE USER'S HELP, and
> thereby cause the user's system to download secondary payloads, change
> registry settings, etc. All without enlisting the system's web-browser.
>
> Has there ever been a media file (mp3, avi, flac, etc) that could
> accomplish that?


Due to some badly written players, one could corrupt the tag and cause
code execution via a buffer overrun exploit, yes.

AVIs and mp3s did have this issue at one point. It wasn't just making
your browser open a webpage all the time.




--
There ain't no rest for the wicked. Money don't grow on trees. I got
bills to pay. I got mouths to feed. Ain't nothing in this world for
free. Oh No. I can't slow down, I can't hold back though you know I wish
I could. Oh no there ain't no rest for the wicked, until we close our
eyes for good.
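
Added example, not part of the thread above: a bounds-checked reader for the title frame of an ID3v2.3 tag, showing the size checks whose absence turns a corrupted tag into the buffer overrun described in the reply. The function name id3_title and the two sample byte arrays are constructed for illustration; the layout assumed is the ID3v2.3 one (10-byte header with a synchsafe size, 10-byte frame headers with a big-endian size).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Copy the TIT2 (title) text of an ID3v2.3 tag into out[outcap].
 * Returns bytes copied, or -1 if any declared size disagrees with the data. */
int id3_title(const uint8_t *buf, size_t len, char *out, size_t outcap)
{
    if (outcap == 0 || len < 10 || memcmp(buf, "ID3", 3) != 0)
        return -1;
    if ((buf[6] | buf[7] | buf[8] | buf[9]) & 0x80)  /* synchsafe: top bits clear */
        return -1;
    size_t tag = ((size_t)buf[6] << 21) | ((size_t)buf[7] << 14) |
                 ((size_t)buf[8] << 7) | buf[9];
    if (tag > len - 10)              /* tag claims more than the file holds */
        return -1;
    size_t pos = 10, end = 10 + tag;
    while (end - pos >= 10 && buf[pos] != 0) {       /* 0 byte = padding */
        size_t fsz = ((size_t)buf[pos + 4] << 24) | ((size_t)buf[pos + 5] << 16) |
                     ((size_t)buf[pos + 6] << 8) | buf[pos + 7];
        pos += 10;
        if (fsz > end - pos)         /* the check a careless parser omits */
            return -1;
        if (memcmp(buf + pos - 10, "TIT2", 4) == 0 && fsz >= 1) {
            size_t n = fsz - 1;      /* skip the text-encoding byte */
            if (n > outcap - 1)
                n = outcap - 1;      /* truncate to the destination, not the tag */
            memcpy(out, buf + pos + 1, n);
            out[n] = '\0';
            return (int)n;
        }
        pos += fsz;
    }
    return -1;
}

/* Constructed samples: a well-formed tag, and one whose frame claims 1024 bytes. */
static const uint8_t GOOD[] = { 'I','D','3',3,0,0, 0,0,0,16,
    'T','I','T','2', 0,0,0,6, 0,0, 0,'H','e','l','l','o' };
static const uint8_t EVIL[] = { 'I','D','3',3,0,0, 0,0,0,16,
    'T','I','T','2', 0,0,4,0, 0,0, 0,'H','e','l','l','o' };

int main(void)
{
    char title[32];
    printf("good: %d\n", id3_title(GOOD, sizeof GOOD, title, sizeof title));
    printf("evil: %d\n", id3_title(EVIL, sizeof EVIL, title, sizeof title));
    return 0;
}
```

The length used for the copy is always bounded twice: once by what the file actually contains, and once by the destination buffer.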