Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Are WAV files dangerous?

Reply
Thread Tools

Are WAV files dangerous?

 
 
Franky
Guest
Posts: n/a
 
      08-15-2004
I am aware that some MP3s can exploit weaknesses in the player.
Eg. Winamp 2.81 http://www.securityfocus.com/archive/1/303934

But can a WAV file also be dangerous? Using Google, only a few
people say 'yes'. So is this just a myth?

If a WAV is actually dangerous then does AVG have the ability to
detect bad WAVs?
 
Reply With Quote
 
 
 
 
David H. Lipman
Guest
Posts: n/a
 
      08-15-2004
No, WAV files are not dangerous.

Dave




"Franky" <(E-Mail Removed)> wrote in message news:95466BA3363D31E75@127.0.0.1...
| I am aware that some MP3s can exploit weaknesses in the player.
| Eg. Winamp 2.81 http://www.securityfocus.com/archive/1/303934
|
| But can a WAV file also be dangerous? Using Google, only a few
| people say 'yes'. So is this just a myth?
|
| If a WAV is actually dangerous then does AVG have the ability to
| detect bad WAVs?


 
Reply With Quote
 
 
 
 
Thor Kottelin
Guest
Posts: n/a
 
      08-15-2004


"David H. Lipman" wrote:
>
> No, WAV files are not dangerous.


Any file - MP3, WAV or other - can be indirectly dangerous if loaded into a
vulnerable program. As an example, Microsoft Outlook Express used to suffer
from a vulnerability known as the "x-wav exploit". This was used by
BadTrans.

Therefore it is not enough to avoid intrinsically dangerous files - broken
software must also be avoided.

Follow-ups set.

Thor

--
http://www.anta.net/
 
Reply With Quote
 
John Coutts
Guest
Posts: n/a
 
      08-15-2004
In article <95466BA3363D31E75@127.0.0.1>, http://www.velocityreviews.com/forums/(E-Mail Removed) says...
>
>I am aware that some MP3s can exploit weaknesses in the player.
>Eg. Winamp 2.81 http://www.securityfocus.com/archive/1/303934
>
>But can a WAV file also be dangerous? Using Google, only a few
>people say 'yes'. So is this just a myth?
>
>If a WAV is actually dangerous then does AVG have the ability to
>detect bad WAVs?

******************* REPLY SEPARATER ********************
Generally speaking, any data file (.wav, .mpe, .gif) is not dangerous. It
cannot execute commands by itself.

For example, a document file (.doc) is in itself benign. When opened with a
program such as "Wordpad", it is harmless. But when opened with a program such
as "Word", imbedded scripts can be run that may not be harmless. The question
has more to do with the executing program than with the data files themselves,
and Microsoft has a habit of adding bells & whistles that execute in the
background without your knowledge. The default disabling of displaying file
extensions, and the default association of file extensions with specific
programs, is in my opinion one of the most insecure things that Microsoft has
ever done. I personally always open the program that I want to use, and then
load the data file.

J.A. Coutts

 
Reply With Quote
 
Criminal Element
Guest
Posts: n/a
 
      08-15-2004

"John Coutts" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
> In article <95466BA3363D31E75@127.0.0.1>, (E-Mail Removed) says...
> >
> >I am aware that some MP3s can exploit weaknesses in the player.
> >Eg. Winamp 2.81 http://www.securityfocus.com/archive/1/303934
> >
> >But can a WAV file also be dangerous? Using Google, only a few
> >people say 'yes'. So is this just a myth?
> >
> >If a WAV is actually dangerous then does AVG have the ability to
> >detect bad WAVs?

> ******************* REPLY SEPARATER ********************
> Generally speaking, any data file (.wav, .mpe, .gif) is not dangerous. It
> cannot execute commands by itself.
>
> For example, a document file (.doc) is in itself benign. When opened with a
> program such as "Wordpad", it is harmless. But when opened with a program such
> as "Word", imbedded scripts can be run that may not be harmless. The question
> has more to do with the executing program than with the data files themselves,
> and Microsoft has a habit of adding bells & whistles that execute in the
> background without your knowledge. The default disabling of displaying file
> extensions, and the default association of file extensions with specific
> programs, is in my opinion one of the most insecure things that Microsoft has
> ever done. I personally always open the program that I want to use, and then
> load the data file.
>
> J.A. Coutts


If an MP3 was made to exploit the flaw, and renamed to .wav to avoid the scanner would
it still be handled by WinAmp as an MP3 after the OS sent it to WinAmp by extention assoc?
Would it still be a danger by you opening "from" the app?


 
Reply With Quote
 
Bill Unruh
Guest
Posts: n/a
 
      08-15-2004
(E-Mail Removed) (John Coutts) writes:

]In article <95466BA3363D31E75@127.0.0.1>, (E-Mail Removed) says...
]>
]>I am aware that some MP3s can exploit weaknesses in the player.
]>Eg. Winamp 2.81 http://www.securityfocus.com/archive/1/303934
]>
]>But can a WAV file also be dangerous? Using Google, only a few
]>people say 'yes'. So is this just a myth?
]>
]>If a WAV is actually dangerous then does AVG have the ability to
]>detect bad WAVs?
]******************* REPLY SEPARATER ********************
]Generally speaking, any data file (.wav, .mpe, .gif) is not dangerous. It
]cannot execute commands by itself.

Not really true. data files can be dangerous, if they interact with bugs in
the programs which they are data for. Thus the MP3 vulnerability.

Now wav files have very well defined data fields-- fixed length with no
terminating designation, which means it is pretty hard to make a buggy
reader.

]For example, a document file (.doc) is in itself benign. When opened with a
]program such as "Wordpad", it is harmless. But when opened with a program such
]as "Word", imbedded scripts can be run that may not be harmless. The question

That makes teh .doc file dangerous-- it usually interacts with a program
that is so complex that is certainly has bugs.


]has more to do with the executing program than with the data files themselves,
]and Microsoft has a habit of adding bells & whistles that execute in the
]background without your knowledge. The default disabling of displaying file
]extensions, and the default association of file extensions with specific
]programs, is in my opinion one of the most insecure things that Microsoft has
]ever done. I personally always open the program that I want to use, and then
]load the data file.

]J.A. Coutts

 
Reply With Quote
 
Anonymous
Guest
Posts: n/a
 
      08-15-2004
Franky <(E-Mail Removed)> wrote in news:95466BA3363D31E75@127.0.0.1:

> AV is actually dangerous then does AVG have the ability to
> detect bad WAVs?
>


Only executables can cause your computer to be infected by viruses. Non-
executable files, like images or WAV files can have viral code inserted
into them, but the viral code will never be executed, so they are not a
threat.
The main threat you may have is files with double extensions which can fool
the user into thinking the file is a WAV file, when in reality it is
executable. e.g. the file 'Nirvana - Smells like teen spirit.WAV.exe'
would look like a WAV file, but it is really an executable file in
disguise!

--
The email address used is fake. Any replies will not be read!
If you want to reply, reply to the newsgroup instead.

Visit my website!
http://storm.prohosting.com/compsecu
 
Reply With Quote
 
Mimic
Guest
Posts: n/a
 
      08-15-2004
Anonymous wrote:
> Franky <(E-Mail Removed)> wrote in news:95466BA3363D31E75@127.0.0.1:
>
>
>>AV is actually dangerous then does AVG have the ability to
>>detect bad WAVs?
>>

>
>
> Only executables can cause your computer to be infected by viruses. Non-
> executable files, like images or WAV files can have viral code inserted
> into them, but the viral code will never be executed, so they are not a
> threat.
> The main threat you may have is files with double extensions which can fool
> the user into thinking the file is a WAV file, when in reality it is
> executable. e.g. the file 'Nirvana - Smells like teen spirit.WAV.exe'
> would look like a WAV file, but it is really an executable file in
> disguise!
>


wrong

--
Mimic

"The voices have stopped now. But they had some good ideas."

"Without knowledge you have fear. With fear you create your own nightmares."
ZGF0YWZsZXhAY2FubmFiaXNtYWlsLmNvbQ== [ www.hidemyemail.net ]
 
Reply With Quote
 
Newman
Guest
Posts: n/a
 
      08-15-2004

> ]For example, a document file (.doc) is in itself benign. When opened with a
> ]program such as "Wordpad", it is harmless. But when opened with a program such
> ]as "Word", imbedded scripts can be run that may not be harmless. The question
>
> That makes teh .doc file dangerous-- it usually interacts with a program
> that is so complex that is certainly has bugs.
>


So, who kills people?
a)people
b)guns
c)the bullet
d)organ failure/major hemmorage
e)what does it matter, just don't stand in front of it
 
Reply With Quote
 
Newman
Guest
Posts: n/a
 
      08-15-2004
Anonymous wrote:

> Franky <(E-Mail Removed)> wrote in news:95466BA3363D31E75@127.0.0.1:
>
>
>>WAV is actually dangerous then does AVG have the ability to
>>detect bad WAVs?
>>

>
>
> Only executables can cause your computer to be infected by viruses. Non-
> executable files, like images or WAV files can have viral code inserted
> into them, but the viral code will never be executed, so they are not a
> threat.
> The main threat you may have is files with double extensions which can fool
> the user into thinking the file is a WAV file, when in reality it is
> executable. e.g. the file 'Nirvana - Smells like teen spirit.WAV.exe'
> would look like a WAV file, but it is really an executable file in
> disguise!
>


read previous posts to find out why you're wrong. and your website is
hard to read.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
instead of depending on data = array('h') .. write samples 1 by 1 tow = wave.open("wav.wav", "w") '2+ Python 2 07-29-2009 06:26 PM
CD-DA to Wav to DVD as Wav files? makbertodelete@anothermessage.com DVD Video 10 09-27-2005 08:42 PM
Substituting AOL Wav files with MSN Wav files Thaqalain Computer Support 6 07-07-2005 08:17 PM
Req: Want To Record MID Files To WAV Files - HELP - Thanks George Computer Support 1 08-24-2003 06:09 AM
Wav files to MP3 files....? Rip Torin Computer Support 2 07-01-2003 09:26 AM



Advertisments