How exploit vulnerability? (ie: like .mp3)
Results 1 to 9 of 9

Thread: How exploit vulnerability? (ie: like .mp3)

  1. #1
    Junior Member
    Join Date
    Jan 2003
    Posts
    6

    Question How exploit vulnerability? (ie: like .mp3)

    Thanks guys so far, but after reading some stuff I have some more questions.
    I read about the Windows XP vulnerability with bad mp3 files which can crash your computer.
    Now, my question is, how do they do that? Obviously, I don't know how to program so I'm a little clueless on that part. But is there some sort of explination that could be made in simpler terms?
    Teach me what you know, I want to learn it all...

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    244

    Re: How exploit vulnerability? (ie: like .mp3)

    Windows XP reads information from the digital music files, a feature that hackers can use to insert their own code, allowing them to get into your computer and change or kill data there.

    http://www.suntimes.com/output/tech/cst-nws-hack20.html
    i m gone,thx everyone for so much fun and good info.
    cheers and good bye

  3. #3
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Source
    Foundstone tagged its highest warning label on the vulnerability, warning that it is very easy to exploit. "The MP3 does not need to be played, it simply needs to be stored in a folder that is browsed to, such as an MP3 download folder, the desktop, or a NetBIOS share. This vulnerability is also exploitable via Internet Explorer by loading a malicious web site.
    Here is a more detailed article about the vulnerablility.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  4. #4
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953

    Re: Re: How exploit vulnerability? (ie: like .mp3)

    Originally posted here by kadeng
    Windows XP reads information from the digital music files, a feature that hackers can use to insert their own code, allowing them to get into your computer and change or kill data there.

    http://www.suntimes.com/output/tech/cst-nws-hack20.html
    If kadeng is correct, this is called code insertion (some one please correct me if i'm wrong)... This usually goes hand-in-hand with buffer-overflows...

    Code Insertion and Buffer Overflows explained: http://www.cultdeadcow.com/cDc_files/cDc-351/
    yeah, I\'m gonna need that by friday...

  5. #5
    Webius Designerous Indiginous
    Join Date
    Mar 2002
    Location
    South Florida
    Posts
    1,123
    taken from a SANS Critical vulnerability analysis email
    Description:
    The Windows Shell framework included with Windows XP contains a buffer
    overflow in the handling of large audio file attributes, allowing a
    malicious MP3 or WMA file to execute arbitrary code. Because Windows
    XP provides native support for parsing MP3 and WMA file attributes
    via Explorer, a malicious file would not need to be opened/played in
    order to exploit the vulnerability. If a user simply opens a folder
    containing the file, Explorer will read the file attributes and the
    buffer overflow will occur.

    Similarly, an XP user browsing a hostile website using Internet
    Explore could be remotely compromised simply by hovering their mouse
    over an icon for a malicious file. Further, under some circumstances,
    an HTML email can launch the attack automatically when the XP recipient
    opens or previews the email.

    Risk: Compromise of Windows XP machines at the privilege level of
    the XP user encountering the hostile audio file.

    Deployment: Widely deployed.

    Ease of Exploitation: Unknown.
    An attacker must create an audio file which carries a large, corrupt
    custom attribute. Given that there are a limited number of ways to
    manipulate attributes, an attacker may be able to gain substantial
    information through experimentation.

    Status: Vendor confirmed, patches available.

    References:
    Microsoft Advisory:
    http://www.microsoft.com/technet/sec...n/MS02-072.asp

    Foundstone Advisory:
    http://www.foundstone.com/knowledge/...ay.html?id=339

    Council Site Actions:
    Only a few of the Council sites reported use of the XP O/S within
    their organizations, all of which are very limited deployments.
    Several of the sites have notified their desktop support groups. One
    site will be rolling out the patches (via SMS) during the next regular
    patch update cycle.

    Most of the council sites use automatic AV signature updating software
    and are actively blocking MP3's (and other file types) at the network
    perimeters via web proxies. These actions greatly reduce the risk
    created by this vulnerability.

    Hope that clears it up a bit more.

  6. #6
    Junior Member
    Join Date
    Jan 2003
    Posts
    6
    Thanks for the information about the mp3 exploit but what about other exploits?
    I mean, how do people figure this stuff out? How do they write these codes to exploit these vulnerabilities?
    Teach me what you know, I want to learn it all...

  7. #7
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    PC Girl: The people who write/discover these exploits have a lot of time on their hands + most of them are very inquisitive people... The link i posted above explains overflows in detail... "Exploit" is far too large of a category to eplain in one post...

    Basically, these people look for bugs, trying everything, hoping something will work (or in this case, "not work") btw- a search on exploits brings up AntiOnline.com (where you can find tons of exploits, isn't that funny- to find sploits on a "security" site... + you wont find any patches or papers; on how to patch up holes?)
    yeah, I\'m gonna need that by friday...

  8. #8
    Junior Member
    Join Date
    Jan 2003
    Posts
    6
    Thanks for the above link, I have been reading it in parts.
    I know that exploits seem to be a large category to speak of, but besides the buffer overflows, are there other common vulnerabilities that surface often?
    Teach me what you know, I want to learn it all...

  9. #9
    Banned
    Join Date
    Mar 2002
    Posts
    968
    Like many guys have said, it's a rangeful subject.

    See, the mp3 exploit is just needed to inject code into the mp3 file.

    But here's another example of an exploit:
    Some websites (like AO) have disabled html tags on their message boards, guest books and other entry fields that users can input text. Why? because some users would enter html or java code that would either send a user to another site that contains bad code or to a "local" area on the computer (ie: /con/con on your computer - which doesn't exist, but crashes the computer on 98 and lower)

    Also, an old exploit with Hotmail was simply adding the hotmail account username at the end of the address line to see their account & have control over it (so long as they are logged in) This is by far a past exploit (I think '98) and is far from working.
    (ie: http://www.hotmail.com/...blah...jklfd%770:username)

    Some exploits need programs to be run to cause an error so to happen. One exploit on win2k is to cause a general protection fault with calc.exe and then do something and giving yourself permission level increase.

    Basically, read up on it with searches on the net with engines like google.com and wordings like how+do+exploits+work or windows98+exploit or other types of combinations....

    Basically, an exploit is using an error in the code and making the program do what it's not suppose to do. Hope that helps...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •