Flaw leaves XP vulnerable to attackers in MP3 disguise
Buffer overflow in Windows Shell could compromise XP
The last major vulnerability Microsoft reported in 2002 was a big one, and it affects all Windows XP users. The vulnerability is a critical flaw in XP that could allow an attacker to completely compromise a system using a fake MP3 or WMA file. Get the details on this flaw and learn how to safeguard your systems.
http://cl.com.com/Click?q=ab-ZcMKQYpJb4_Kewc7DsRaJt8UwzVz
If you don't feel like signing up, this is what it says:
The second Critical Security Bulletin from Microsoft since it instituted its new rating system affects all Windows XP users. An exploit of this flaw could allow attackers to run arbitrary code on the vulnerable systems.
Microsoft Security Bulletin MS02-072, “Unchecked Buffer in Windows Shell Could Enable System Compromise,” was the last major vulnerability addressed by Microsoft in 2002, and the company recommends that XP users apply the provided patch immediately.
Details
The Windows Shell is, of course, the user interface best known to most users as the desktop. Although there have been earlier security problems with Windows Media Player, this particular vulnerability lies in the Windows Shell itself and isn’t related to WMP, so playing an audio file using that application doesn’t increase the threat, nor does removing it reduce the danger. For some reason, this is actually listed by Microsoft as a “mitigating factor.”
MP3 or WMA audio files containing a corrupt custom attribute can exploit this vulnerability, so an attacker could potentially post a compromising file on a Web site (or even a P2P network), or send it via e-mail or IM and trick the recipient into saving the file to the XP desktop. Accessing the file could then trigger an attack. The audio file wouldn’t necessarily contain any sounds, so the victim might never know he or she had triggered it.
In keeping with its new policy, Microsoft has also posted a more basic version of this bulletin intended for end users and other less technical readers. These end-user security bulletins are extremely elementary, but administrators may occasionally want to forward the simplified versions to some users or upper management to save time in writing up a report on the threat.
CVIII
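As an added illustration that is not part of the original post or of Microsoft's bulletin: the "unchecked buffer" class of bug the article describes, shown as a parser that trusts a length field read from a file, next to a version that validates it. The record layout, function names and buffer size are hypothetical, since the bulletin summary does not describe the real attribute format.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ATTR_MAX 64 /* fixed destination buffer size (assumed) */

enum { ATTR_OK = 0, ATTR_TRUNCATED = -1, ATTR_TOO_LONG = -2 };

/* Hypothetical record layout, NOT the real MP3/WMA format:
 *   [2-byte little-endian length N][N bytes of attribute value] */

/* Unchecked pattern, shown for contrast only: the length comes from the
 * file and is never compared with the destination size. */
void read_attr_unchecked(const uint8_t *rec, char *out)
{
    size_t n = (size_t)rec[0] | ((size_t)rec[1] << 8);
    memcpy(out, rec + 2, n); /* overflows out when n exceeds its size */
    out[n] = '\0';
}

/* Checked version: validate N against both the input and the destination. */
int read_attr(const uint8_t *rec, size_t rec_len, char *out, size_t out_cap)
{
    if (rec_len < 2)
        return ATTR_TRUNCATED;
    size_t n = (size_t)rec[0] | ((size_t)rec[1] << 8);
    if (n > rec_len - 2)
        return ATTR_TRUNCATED; /* declared length runs past the data */
    if (n >= out_cap)
        return ATTR_TOO_LONG;  /* no room for value plus terminator */
    memcpy(out, rec + 2, n);
    out[n] = '\0';
    return ATTR_OK;
}

/* Constructed sample records */
static const uint8_t GOOD[] = { 5, 0, 'T', 'i', 't', 'l', 'e' };
static const uint8_t LYING[] = { 0xFF, 0xFF, 'A', 'B' }; /* claims 65535 bytes */
static const uint8_t OVERSIZE[2 + 100] = { 100, 0 };     /* 100-byte value */
static char out_buf[ATTR_MAX];

int main(void)
{
    printf("good:     %d\n", read_attr(GOOD, sizeof GOOD, out_buf, sizeof out_buf));
    printf("lying:    %d\n", read_attr(LYING, sizeof LYING, out_buf, sizeof out_buf));
    printf("oversize: %d\n", read_attr(OVERSIZE, sizeof OVERSIZE, out_buf, sizeof out_buf));
    return 0;
}
```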