Re: Are WAV files dangerous?

From: Jose Maria Lopez Hernandez (
Date: 09/02/04

  • Next message: Devdas Bhagat: "Re: Best 'ware to stop registry changes ... ?"
    Date: Thu, 02 Sep 2004 21:44:20 +0200

    Bright wrote:

    > However, whether such a crafted WAV file can have an impact on a
    > target system is entirely dependant on the type of application which
    > is used upon it -
    > If you receive a crafted WAV file and don't do anything more with it
    > then it cannot have an impact.
    > If you load a crafted WAV file into an WAV player then it may have an
    > impact, particularly if the crafted vulnerability is aimed at your
    > specific WAV player (although other players may crash or evidence
    > other instability in the light of these non-standard WAV elements).

    But that's true for almost every exploit you have out there. It only
    will work if it has one concrete application or version of that
    application listening to the data, so the case it's the same for WAV
    files, they could be seen (if there would be any of them) as exploits
    for some player.

    Jose Maria Lopez Hernandez
    Director Tecnico de bgSEC
    bgSEC Seguridad y Consultoria de Sistemas Informaticos
    The only people for me are the mad ones -- the ones who are mad to live,
    mad to talk, mad to be saved, desirous of everything at the same time,
    the ones who never yawn or say a commonplace thing, but burn, burn, burn
    like fabulous yellow Roman candles.
                     -- Jack Kerouac, "On the Road"

  • Next message: Devdas Bhagat: "Re: Best 'ware to stop registry changes ... ?"