Feeds

XP audio vuln shout goes out

A word in your Shell-like

  • alert
  • submit to reddit

3 Big data security analytics techniques

XP users were warned last week of a critical buffer overflow flaw in Windows Shell that can be used to run arbitrary code on victims' PCs.

The vulnerability, discovered by application security firm Foundstone, involves a fault in a Windows Shell function used to extract custom attribute information from audio files. Windows Shell provides the framework of the Windows GUI and runs the Windows Desktop, among other functions.

By this time you're probably thinking the flaw is invoked when victims run a maliciously constructed audio file in Media Player. Actually the flaw is more subtle than this, as Microsoft explains.

"An attacker could seek to exploit this vulnerability by creating an .MP3 or .WMA file that contained a corrupt custom attribute and then host it on a website, on a network share, or send it via an HTML email. If a user were to hover his or her mouse pointer over the icon for the file (either on a web page or on the local disk), or open the shared folder where the file was stored, the vulnerable code would be invoked," it warns.

The upshot is you're no better off simply previewing an infected HTML email (if you haven't applied the infamous Outlook email security update than you would be attempting to play a dodgy media file.

The end result is the same: crash (Windows Shell fails), bang (buffer overflow) and owned (attackers malicious code executes on some poor sap's XP box).

Given the ease of exploitation (despite Microsoft's customary - and this time rather thin - mitigating factors spiel) and the number of users potentially affects, Redmond sensibly deems the vulnerability as critical.

XP users are advised to apply the patch immediately, by following the links from Microsoft's advisory here.

On a related note, Foundstone last week published details of buffer overflow flaws in Nullsoft's Winamp media playing software. Separate buffer overflow vulnerabilities affect Winamp 2.81 and Winamp 3.0 but lead to the same potential problem - remote code execution. Nullsoft has released patches which users are strongly advised to apply. ®

3 Big data security analytics techniques

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.