[vorbis] vorbis_example.c

[Amy Schoenhofen]

Caught this on Slashdot (yes, I know, a paragon of good information). No
chance, Ogg fails in the same way, does it? I ask because I think the
vast, vast majority of Ogg files are played back with WinAmp 3.0.

"Foundstone, a Mission Viejo, CA security services company, is reporting
several vulnerabilities that would allow malicious code embedded in MP3
and WMA files to be executed via WinXP and WinAmp. WinAmp versions 2.81
and 3.0 are vulnerable to buffer overflows via certain long ID3v2 tags
when MP3 files are loaded. More troubling is the WinXP vulnerability: A
buffer overflow exists in Explorer's automatic reading of MP3 or WMA
(Windows Media Audio) file attributes in Windows XP. An attacker could
create a malicious MP3 or WMA file, that if placed in an accessed folder
on a Windows XP system, would compromise the system and allow for remote
code execution. The MP3 does not need to be played, it simply needs to
be stored in a folder that is browsed to, such as an MP3 download
folder, the desktop, or a NetBIOS share. This vulnerability is also
exploitable via Internet Explorer by loading a malicious web site.
Explorer automatically reads file attributes regardless of whether or
not the user actually highlights, clicks on, reads, or opens the file.
Windows XP's Explorer will overflow if corrupted attributes exist within
the MP3 or WMA file. Microsoft has issued a fix for this vulnerability.
Nullsoft has posted fixed version of WinAmp 2.81 and 3.0 on their web
site."

Here's a url to the press release from Foundstone:

http://www.foundstone.com/knowledge/randd-advisories-display.html?id=338

<p>--- >8 ----
List archives:  http://www.xiph.org/archives/
Ogg project homepage: http://www.xiph.org/ogg/
To unsubscribe from this list, send a message to 'vorbis-request at xiph.org'
containing only the word 'unsubscribe' in the body.  No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.