[Esd-l] What file-endings should be stopped for this ?

Tommy Lindqvist tommy.lindqvist at space.se
Wed Feb 27 07:05:01 PST 2002


Yes,
the mp3 files are obvious choices for this. Mainly what I was wondering is
what other file endings may be used.

If I understood the report correctly, it is script sequences for 
Real Player that are used, so both Mediaplayer of version 7+ and Real player
would be vulnerable to next generation SirCam.

( If I remember correctly, SirCam fooled the (non)existent security
in Outlook by calling itself audio/wav even though it was a .exe file. )

Here comes a perfectly valid mediafile correctly identified as audio/wav,
and the correct application is launched, and then the script starts to run.

Thus the need to poison all kinds of files that Mediaplayer/Realplayer opens
by default. 

I do not know all of them, although a good guess would be
.wav,.mp3,.mpg

Tommy


At 08:56 2002-02-27 -0600, Michael Geier wrote:
>Well, you can ask yourself "do my users need to be emailing each 
>other .mp3 files?"...
>
>1.  ( yes ) find a strong ceiling, a length of rope and a 
>		wobbly chair...
>2.  ( no  ) poison .mp3, or mangle .mp3 with a strong warning 
>		to your users about .mp3 files, URL-encoding and 
>		Windows Media Player
>
>Also, this only affects Windows Media Player (WMP).  Using Winamp, 
>the song actually stops before the first encoded URL.
>
>-----Original Message-----
>From: esd-l-admin at spconnect.com [mailto:esd-l-admin at spconnect.com]On
>Behalf Of Tommy Lindqvist
>Sent: Wednesday, February 27, 2002 2:41 AM
>To: esd-l at spconnect.com
>Subject: [Esd-l] What file-endings should be stopped for this ?
>
>
>http://www.pc-radio.com/camouflage.html
>
>( Windows using commands hidden in mp3-files. ( I do not know 
>what other endings may be used for these kind of players. ( 
>realplayer/Mediaplayer)))
>
>Regards,
>
>Tommy
>
>--
>Systems Manager      |\      _,,,---,,_      Saab Ericsson Space AB
>Postmaster          /,`.-'`'    -.  ;-;;,_   tommy.lindqvist at space.se
>                   |,4-  ) )-,_. ,\ (  `'-'  +46 (0)31 735 4391
>***************   '---''(_/--'  `-'_)
>Tommy Lindqvist
>
--
Systems Manager      |\      _,,,---,,_      Saab Ericsson Space AB
Postmaster          /,`.-'`'    -.  ;-;;,_   tommy.lindqvist at space.se
                   |,4-  ) )-,_. ,\ (  `'-'  +46 (0)31 735 4391
***************   '---''(_/--'  `-'_)
Tommy Lindqvist
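
Added example, not part of the original post or of any tool discussed on the list: a small Python check that flags attachments whose extension is on a poison list (the `.wav`, `.mp3`, `.mpg` guess from the message above) and attachments declared as audio or video whose filename extension is not a media extension, the mismatch the post describes. The function name, reason labels and the sample message are constructed for illustration.

```python
import os
from email import message_from_string

# Extensions guessed in the post as opened by the media players by default.
POISONED_EXTENSIONS = {".wav", ".mp3", ".mpg"}

def audit_attachments(raw_message):
    """Return (filename, declared_type, reasons) for each flagged attachment."""
    findings = []
    for part in message_from_string(raw_message).walk():
        filename = part.get_filename()
        if not filename:
            continue  # body text or multipart container
        # Windows ignores trailing dots/spaces, so strip them before splitting.
        ext = os.path.splitext(filename.lower().rstrip(". "))[1]
        reasons = []
        if ext in POISONED_EXTENSIONS:
            reasons.append("poisoned-extension")
        # Declared as media, but the name the client will act on is not media.
        if (part.get_content_maintype() in ("audio", "video")
                and ext not in POISONED_EXTENSIONS):
            reasons.append("type-extension-mismatch")
        if reasons:
            findings.append((filename, part.get_content_type(), reasons))
    return findings

# Constructed sample message (not real traffic).
SAMPLE = """\
From: sender@example.com
To: user@example.com
Subject: constructed test message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

hello
--b1
Content-Type: audio/mpeg; name="song.mp3"
Content-Disposition: attachment; filename="song.mp3"

AAAA
--b1
Content-Type: audio/x-wav; name="notes.exe"
Content-Disposition: attachment; filename="notes.exe"

AAAA
--b1--
"""
```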


