Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: phranque
A quirk in media players from Microsoft and RealNetworks could enable attackers to hijack Web browsers and run scripts on the computers of some MP3 music fans. The trick has apparently been discovered by pornography sites and spammers, which have been seeding some music file trading services with bogus MP3 music files.
One such MP3 file, ostensibly containing the music of the Los Angeles-based rock group Lifehouse, launched a pornographic video and generated a "massive" amount of pop-up ads when played back on the Windows Media Player from Microsoft, according to one newsgroup report.
Full article at securityfocus.com [online.securityfocus.com]
I had to force a restart and then they automatically opened on boot. I clear the registry, *.ini files, start menu everything and they still came. I had to format the disk a start from scratch. I was using Win2000 Server (sp2 with all the updates) and IE6 (with all the updates).
Does anybody know if this is just limited to those players and not a few of the other brands? I know people who download music though a network i am responsible for.
It sounds like in addition to another IE security hole, their is a pretty wide breach in the mentioned players.
If you attempted to play the errant file with another player, such as Winamp of Musicmatch, the file would not execute.
This one is going to be talked about loudly, I am certain.