Re: Are WAV files dangerous?

From: Jose Maria Lopez Hernandez (jkerouac_at_bgsec.com)
Date: 09/02/04


Date: Thu, 02 Sep 2004 21:44:20 +0200

Bright wrote:

> However, whether such a crafted WAV file can have an impact on a
> target system is entirely dependant on the type of application which
> is used upon it -
> If you receive a crafted WAV file and don't do anything more with it
> then it cannot have an impact.
> If you load a crafted WAV file into an WAV player then it may have an
> impact, particularly if the crafted vulnerability is aimed at your
> specific WAV player (although other players may crash or evidence
> other instability in the light of these non-standard WAV elements).

But that's true for almost every exploit you have out there. It only
will work if it has one concrete application or version of that
application listening to the data, so the case it's the same for WAV
files, they could be seen (if there would be any of them) as exploits
for some player.

-- 
Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAŅA
The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                 -- Jack Kerouac, "On the Road"