Is there a danger opening WMV files in XP?

Is there a danger opening WMV files in XP?

I sem to recall something about being taken to dangerous web sites or
getting unwanted code on my system or something like that.

I am running XP Pro/SP2.

Andy

Andy wrote:
> Is there a danger opening WMV files in XP?
>
> I sem to recall something about being taken to dangerous web sites or
> getting unwanted code on my system or something like that.
>
> I am running XP Pro/SP2.

Not if you got the latest updates...

--
.~. Might, Courage, Vision, SINCERITY. http://www.linux-sxs.org
/ v \ Simplicity is Beauty! May the Force and Farce be with you!
/( _ )\ (Ubuntu 5.10) Linux 2.6.16.16
^ ^ 20:07:01 up 4:34 1 user load average: 1.00 1.04 1.01
news://news.3home.net news://news.hkpcug.org news://news.newsgroup.com.hk

Man-wai Chang

Andy wrote:
> Is there a danger opening WMV files in XP?

Yes, if the files are ****ed up with DRM and you didn't properly remove
at least the DRM client components.

This will lead to two big problems:

1. A license aquistion dialogue will be opened, rendering HTML with the
IE engine. Hurray, free choice to use 50+ unpatched IE vulnerabilities.

2. A slient license aquistion might take place. This will install a
license for this file, including all relevant DRM mechanisms. One is
revokation. As an evil guy I would say "revoke after 1 second, delete
the license, the license's name is C:\mp3z\*.mp3".


There's also a possibility to include JavaScript code within a normal
WMV file, but actually running it is disabled by default.

> I sem to recall something about being taken to dangerous web sites or
> getting unwanted code on my system or something like that.

See above, this is usually a correct assumption.


BTW, would you please set a fup2 next time?

Sebastian Gottschalk

From: "Andy" <>

| Is there a danger opening WMV files in XP?

| I sem to recall something about being taken to dangerous web sites or
| getting unwanted code on my system or something like that.

| I am running XP Pro/SP2.

If the Media Player is properly patched -- No.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

David H. Lipman

> Is there a danger opening WMV files in XP?

There is no danger if you open the files with Notepad. This simple
security procedure will defeat exploits targeting media players, and
also protect your soul from explicit content.

Ludovic Joly

From: "Ludovic Joly" <>

|
>> Is there a danger opening WMV files in XP?
|
| There is no danger if you open the files with Notepad. This simple
| security procedure will defeat exploits targeting media players, and
| also protect your soul from explicit content.

That's funny

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

David H. Lipman

Man-wai Chang <> wrote:
> Andy wrote:
> > Is there a danger opening WMV files in XP?
> >
> > I sem to recall something about being taken to dangerous web sites or
> > getting unwanted code on my system or something like that.
> >
> > I am running XP Pro/SP2.
>
> Not if you got the latest updates...

Note "got", not "*think* you got"! Lately *Automatic* Updates (the
automatic/icon/popup version) has been notorious in being days and even
weeks late compared to *Windows* Update (the browser version) [1], so
check with *Windows* Update that you have all the latest stuff.

[1] The Microsoft servers give priority to Windows Update over Automatic
Updates. Often Automatic Updates can *say* that there are updates
available for your computer, but not actually (fully) *download*, let
alone *install*, them until days/weeks later. For the gory details, see
the logs (in my case, XP Pro SP2, "Windows Update.log" and
"WindowsUpdate.log" (in C:\WINDOWS), especially the latter),
specifically the "DnldMgr * Update is not allowed to download due to
regulation." messages.

Frank Slootweg

In article <Xns97C078CF62DDF74C1H4@127.0.0.1>, says...
> Is there a danger opening WMV files in XP?
>
> I sem to recall something about being taken to dangerous web sites or
> getting unwanted code on my system or something like that.
>
> I am running XP Pro/SP2.

Opening any files you open "Can" present a danger, but the scope of the
threat can be limited.

Windows media player has had several exploits, as long as you patch your
system with all security updates, you will be as safe as possible at
that time - notice I didn't say you would be safe, I said safe AS
POSSIBLE.


--


remove 999 in order to email me

Leythos

Leythos <> writes:

>In article <Xns97C078CF62DDF74C1H4@127.0.0.1>, says...
>> Is there a danger opening WMV files in XP?
>>
>> I sem to recall something about being taken to dangerous web sites or
>> getting unwanted code on my system or something like that.
>>
>> I am running XP Pro/SP2.

>Opening any files you open "Can" present a danger, but the scope of the
>threat can be limited.

>Windows media player has had several exploits, as long as you patch your
>system with all security updates, you will be as safe as possible at
>that time - notice I didn't say you would be safe, I said safe AS
>POSSIBLE.

YOu will be safer not opening them. So the question was as to the
comparative safety. There have been so many exploits, and the time between
the exploit being used and patched is some number of days ( lets say 10)
Thus, your safety if you patch is 10 days out of 365/Number of exploits per
year. Even with only one exploit a year, relying on patching gives you a
safety of only 3%-- ie you have a 3% chance of being hit if someone attacks
you once a year. If they attack you 30 times a year with the latest
exploit they have about 100% chance of getting in. Does that sound safe?o
Now if you never do anything that could trigger the exploit you will not be
broken into.
Ie, relying on patching to keep you safe is a rediculously insecure way of
behaving.
It is certainly necessary ( since y ou can raise those odds to 100% per
attempt if you never patch, and 3% is better than 100%) but should not even
be your 10th line of defence.

Unruh

From: "Unruh" <unruh->


|
| YOu will be safer not opening them. So the question was as to the
| comparative safety. There have been so many exploits, and the time between
| the exploit being used and patched is some number of days ( lets say 10)
| Thus, your safety if you patch is 10 days out of 365/Number of exploits per
| year. Even with only one exploit a year, relying on patching gives you a
| safety of only 3%-- ie you have a 3% chance of being hit if someone attacks
| you once a year. If they attack you 30 times a year with the latest
| exploit they have about 100% chance of getting in. Does that sound safe?o
| Now if you never do anything that could trigger the exploit you will not be
| broken into.
| Ie, relying on patching to keep you safe is a rediculously insecure way of
| behaving.
| It is certainly necessary ( since y ou can raise those odds to 100% per
| attempt if you never patch, and 3% is better than 100%) but should not even
| be your 10th line of defence.
|

Yeah but if you don't open the WMV, you don't see the video.

Live in fear, die in despair.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

David H. Lipman