Music File Security Vulnerability in Windows XP

Founding Wednesday (December 18), a security company in California, USA, warned that users of Windows XP and WinAmp music player software could become a victim of security breaches. This security vulnerability allows a modified music file to control the user's computer. George Kurtz, CEO of Foundstone, said the security vulnerabilities in the two software could make the same malicious MP3 files or Windows media files into the file exchange system as unmodified music files. Kurtz said that anyone or group that tracks those involved in file exchange activities can take advantage of these unique security vulnerabilities as targets for their attacks. The music industry and Hollywood are looking for such hacking as a way to prevent file exchangers from trading copyright music files in the future. Two US Representatives, Howard Berman and Howard Coble, proposed a bill to the House of Representatives in July to give copyright owners limited power to invade P2P networks. This type of attack can take advantage of this security vulnerability discovered by Foundstone Security. Security vulnerabilities found in Windows XP can force the operating system to run code when a Windows browser plays music files. If it is a malicious file, even if the user puts the mouse pointer over the icon of the file and opens the file preview, the malicious code of the file can be triggered to run. According to a security bulletin issued by Microsoft, this security vulnerability has no effect on Windows Media Player. Kurtz said users who use the popular WinAmp software from NullSoft should also pay attention. The same vulnerabilities in WinAmp software can also cause the system to run malicious code when there are too many file data in some MP3 and WMA formats. Foundstone Security has notified NullSoft to prepare a patch for this software. The representative of NullSoft did not comment on this. This is the second time Microsoft has had problems with the normal media file format in the past two months. Microsoft warned in November that its operating system incorrectly handling PNG image formats would allow malicious programs to control users' computers. Microsoft later upgraded the vulnerability to a "serious" rating. Windows XP patches will be available through the Microsoft Windows Update Service. The latest version of NullSoft's WinAmp software will be available on the company's website.