A security firm on Wednesday warned that people using Windows XP or popular music player WinAmp could fall prey to a vulnerability, enabling a modified music file to take control of a person"s PC. Flaws in both pieces of software could introduce malicious MP3 or Windows Media files--which sound identical to unmodified music--into the file-swapping systems, said George Kurtz, CEO of Foundstone.
"These particular vulnerabilities are definitely attack vectors for any people or entity that is looking to go after those that are taking part in file-swapping activities," he said. The music industry and Hollywood are eyeing such hacking tactics as a way to stop file swappers from trading copyrighted music in the future. A bill sponsored by Rep. Howard Berman, D-Calif., and Howard Coble, R-N.C., and introduced into the U.S. House of Representatives in July, would allow copyright owners limited rights to hack into peer-to-peer networks.
Such attacks could take advantage of flaws similar to the two found by Mission Viejo, Calif.-based Foundstone. The flaw in Windows XP can force the operating system to run code when a music file is played by Windows Explorer, the operating system"s file-browsing application. Even placing the mouse pointer over a file icon--opening a preview of the file--could trigger the file"s payload, if it has one. The vulnerability does not affect the Windows Media Player, according to details posted by Microsoft in its advisory.