janedough250164@dontsendhotmail.com wrote:
> I was just reading that information inherent in a wmv file can execute
> other files (see below). Is there any way to determine if there's
> code in a wmv file before opening it with WM Player or Media Player
> Classic (or another program)?
>
> http://www.geocities.com/ResearchTri.../eng/safe.html
>
>
>> There is also an issue regarding Windows Media Player, which under
>> some environments may allow any media file which is opened by
>> Windows Media Player to execute some local files (depending on their
>> extensions, but including some executable extensions) as long as the
>> name and path of the file are given in that media file. The issue
>> has to do with the ability of .wmv files to refer to an Internet
>> address (the accurate term should be URL rather than "Internet
>> address"). This address can also be a location of a local file in
>> the computer. In such a case, the wmv file can instruct Windows
>> Media Player to execute a local executable file, as long as the
>> location and name of the file are given in the .wmv file. As you
>> should already know, the WMV file may have any extension as long as
>> it is opened by Windows Media Player. There is a way to block an
>> exploitation of this security hole, and it involves tweaking the
>> registry keys. The instruction is relevant to Internet Explorer
>> versions 4 and above. It has to do with disabling the "Download
>> unsigned ActiveX controls" setting in the "My Computer" security
>> zone.
>>
>> We shall not give a full explanation here, but only comment that
>> this activity is done with the help of components from Internet
>> Explorer. The needed tweaking is to use a registry editor, and in
>> the following registry key:
>> HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
>> to change the value of the "1004" entry to contain a DWORD value
>> of 3. ("HKCU" stands for HKEY_CURRENT_USER).
That's what a good anti-virus program is for (or Process Guard, or the paid
version of Kerio). Note the link you provided is nearly 5 years old.
--
Mike Pawlak
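
The registry setting described in the quoted page can be audited before it is changed. The following is an added example, not part of the original posts or the quoted page: the function names are hypothetical, checking the HKLM copy of the key is an assumption beyond the page, and the 0/1/3 meanings are the standard URL action values (enable, prompt, disable).

```powershell
# Added example: audit (and optionally set) URL action 1004 in the
# "My Computer" zone (zone 0), the value the quoted page says to change to 3.
$ZoneSubKey = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0'
$ActionName = '1004'   # "Download unsigned ActiveX controls"
$Meaning    = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-UnsignedActiveXSetting {
    # HKCU is the key named on the page; HKLM is checked as an assumption,
    # because a machine-wide copy of the zone settings can also exist.
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $path  = Join-Path $hive $ZoneSubKey
        $value = $null
        if (Test-Path -LiteralPath $path) {
            $item = Get-ItemProperty -LiteralPath $path -Name $ActionName -ErrorAction SilentlyContinue
            if ($null -ne $item) { $value = $item.$ActionName }
        }

        # Translate the raw DWORD into a readable state.
        $setting = 'Not set'
        if ($null -ne $value) {
            $setting = 'Unknown'
            if ($Meaning.ContainsKey([int]$value)) { $setting = $Meaning[[int]$value] }
        }

        [pscustomobject]@{
            Path     = $path
            Value    = $value
            Setting  = $setting
            Hardened = ($value -eq 3)   # 3 is the value the page recommends
        }
    }
}

function Set-UnsignedActiveXDisabled {
    # Writes only the per-user key given on the page; supports -WhatIf.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $path = Join-Path 'HKCU:' $ZoneSubKey
    if ($PSCmdlet.ShouldProcess($path, "Set $ActionName to DWORD 3")) {
        if (-not (Test-Path -LiteralPath $path)) { New-Item -Path $path -Force | Out-Null }
        Set-ItemProperty -LiteralPath $path -Name $ActionName -Value 3 -Type DWord
    }
}

Get-UnsignedActiveXSetting | Format-Table -AutoSize
# Set-UnsignedActiveXDisabled -WhatIf   # preview; drop -WhatIf to apply
```

Run the audit first and record the existing value so the change can be reverted if an application depends on the old setting.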

