views:

61

answers:

2

Can *.avi or any media file contain any script or dangerous code? Today i saw following message in Microsoft Security Essentials:

Category: Trojan Downloader

Description: This program is dangerous and downloads other programs.

Recommendation: Remove this software immediately.
Items: 
containerfile:C:\Users\...\amediafilename.avi
file:C:\Users\...\amediafilename.avi->(ASF_Script_Commands)

if it's true: Commonly any media player opens file in read-only mode and they can't create a file in hard disk without user permission. Is any programming tecnique here or what?

The main question is:Did any application that we create have some bug like players and we dont know?

+1  A: 

These dangerous files (in general, any file can pose a treat) exploit a bug in a certain program or driver, usually via a buffer overflow. If your program uses that driver/helper/whatever, it can possibly lead to the virus being downloaded by proxy, even if your program is bug-free.

Femaref
Thanks for answer! But is there any way to protect client computer from these kind of attacks or it's OS or Antivirus responsibility?
Jalal Amini
Fixing this is duty of the producer that created the buggy software - only thing you can do is user education: "don't play files from places you don't know" etc etc etc.
Femaref
+1  A: 

With the media files, they generally attack (or exploit) the codec that runs them. Because of this, the exploit code will run with the same permissions as the user running your application - if the user is running your app as admin (or is just running as admin on non UAC systems) then the exploit has full rights.

The rule is: never trust the input. If you run/execute external files (even via a linked library or embedded third party control) then you should avoid requiring that your app run as admin.

slugster