I’ve mentioned before that while I am philosophically in favor of file sharing (although we have to figure out a way to pay the artists and songwriters), I don’t much like it for myself: I have more music than I can listen to on CD and vinyl, and the CDs keep coming in.
I also can tell the difference in sound between a CD and an MP3, which sounds tinny to me; and, I don’t have the time to sit at the computer and search for songs, then wait for them to download. The quality of the file via the file-sharing networks also varies widely: you just don’t know what you are getting.
None of that is insurmountable and now that I am DJing again, I can see snagging a song now and then – but this is serious:
- Two new security vulnerabilities, disclosed late Wednesday, allow an attacker to completely take over a computer system by using malicious music files.
The first vulnerability is present in the Microsoft Windows XP operating system. This vulnerability can be exploited when a user simply lets the cursor hover over the file icon for the malicious MP3, or opens a folder where the file is stored.
The second is found in Nullsoft’s Winamp, a popular Windows media jukebox player.
Both vulnerabilities were discovered by security firm Foundstone, and fixes were immediately available. However, some users reported they were having difficulties locating the Winamp fix.
“The ubiquity of file-swapping services makes it the perfect attack vector for a malicious MP3 file,” Foundstone CEO George Kurtz said. “That is why it is imperative to patch your systems immediately.”
The Windows XP vulnerability, which Microsoft calls “Unchecked Buffer in Windows Shell Could Enable System Compromise,” can be exploited through an MP3 or WMA audio file.
….Microsoft advised all users of Microsoft Windows XP to apply the patch immediately. [Wired]
I would take care of it right away; but remember, where there are these, there may be more.