tags:

views:

61

answers:

2
+1  Q: 

Dangerous AVI files? Is any application which can open a media file under attack?

Can *.avi or any media file contain any script or dangerous code? Today i saw following message in Microsoft Security Essentials:

Category: Trojan Downloader

Description: This program is dangerous and downloads other programs.

Recommendation: Remove this software immediately.
Items: 
containerfile:C:\Users\...\amediafilename.avi
file:C:\Users\...\amediafilename.avi->(ASF_Script_Commands)

if it's true: Commonly any media player opens file in read-only mode and they can't create a file in hard disk without user permission. Is any programming tecnique here or what?

The main question is:Did any application that we create have some bug like players and we dont know?

+1  A: 

These dangerous files (in general, any file can pose a treat) exploit a bug in a certain program or driver, usually via a buffer overflow. If your program uses that driver/helper/whatever, it can possibly lead to the virus being downloaded by proxy, even if your program is bug-free.

Femaref  2010-09-05 13:02:32
Thanks for answer! But is there any way to protect client computer from these kind of attacks or it's OS or Antivirus responsibility?
Jalal Amini  2010-09-05 13:04:59
Fixing this is duty of the producer that created the buggy software - only thing you can do is user education: "don't play files from places you don't know" etc etc etc.
Femaref  2010-09-05 13:24:52
+1  A: 

With the media files, they generally attack (or exploit) the codec that runs them. Because of this, the exploit code will run with the same permissions as the user running your application - if the user is running your app as admin (or is just running as admin on non UAC systems) then the exploit has full rights.

The rule is: never trust the input. If you run/execute external files (even via a linked library or embedded third party control) then you should avoid requiring that your app run as admin.

slugster  2010-09-05 13:24:44

related questions

Web pages to print media -- solutions?
Django: how do you serve media / stylesheets and link to them within templates
Free streaming server for Voip server
Rendering on top of Adobe AIR
real media clip info editor
Protecting image media in an web application
with just a plain html and js file, how can i force a link to an mp3 to download instead of just play?
Flash Media Server/PHP Application
Open Source Web Service/WCF media streamer
What do you use to test the handheld css on your website?
How can I create a video from a directory of images in C#?
Resources for getting started with MCML?
What are good sites for free sounds that developers can use in applications?
@import in @media not working in Firefox 3.0.3
WAV file auto repeat in C#
Flex media framework
Hide triangle of dropdownlist when using css with media print
time length of an mp3 file
How do you find media resources for game-dev?
Is using Dexter's character sprite okay, or do I have to...
Slowing down the playback of an audio file without changing its pitch?
How to interact with Windows Media Player in C#
Where do you get good icons/images for applications & web apps?
Best way to enumerate all available video codecs on Windows?
Embedding Windows Media Player for all Browsers