Are WAV files dangerous?

Discussion in 'Computer Security' started by Franky, Aug 15, 2004.

  1. Franky

    Franky Guest

    I am aware that some MP3s can exploit weaknesses in the player.
    Eg. Winamp 2.81 http://www.securityfocus.com/archive/1/303934

    But can a WAV file also be dangerous? Using Google, only a few
    people say 'yes'. So is this just a myth?

    If a WAV is actually dangerous then does AVG have the ability to
    detect bad WAVs?
    Franky, Aug 15, 2004
    #1
    1. Advertising

  2. No, WAV files are not dangerous.

    Dave




    "Franky" <> wrote in message news:95466BA3363D31E75@127.0.0.1...
    | I am aware that some MP3s can exploit weaknesses in the player.
    | Eg. Winamp 2.81 http://www.securityfocus.com/archive/1/303934
    |
    | But can a WAV file also be dangerous? Using Google, only a few
    | people say 'yes'. So is this just a myth?
    |
    | If a WAV is actually dangerous then does AVG have the ability to
    | detect bad WAVs?
    David H. Lipman, Aug 15, 2004
    #2
    1. Advertising

  3. "David H. Lipman" wrote:
    >
    > No, WAV files are not dangerous.


    Any file - MP3, WAV or other - can be indirectly dangerous if loaded into a
    vulnerable program. As an example, Microsoft Outlook Express used to suffer
    from a vulnerability known as the "x-wav exploit". This was used by
    BadTrans.

    Therefore it is not enough to avoid intrinsically dangerous files - broken
    software must also be avoided.

    Follow-ups set.

    Thor

    --
    http://www.anta.net/
    Thor Kottelin, Aug 15, 2004
    #3
  4. Franky

    John Coutts Guest

    In article <95466BA3363D31E75@127.0.0.1>, says...
    >
    >I am aware that some MP3s can exploit weaknesses in the player.
    >Eg. Winamp 2.81 http://www.securityfocus.com/archive/1/303934
    >
    >But can a WAV file also be dangerous? Using Google, only a few
    >people say 'yes'. So is this just a myth?
    >
    >If a WAV is actually dangerous then does AVG have the ability to
    >detect bad WAVs?

    ******************* REPLY SEPARATER ********************
    Generally speaking, any data file (.wav, .mpe, .gif) is not dangerous. It
    cannot execute commands by itself.

    For example, a document file (.doc) is in itself benign. When opened with a
    program such as "Wordpad", it is harmless. But when opened with a program such
    as "Word", imbedded scripts can be run that may not be harmless. The question
    has more to do with the executing program than with the data files themselves,
    and Microsoft has a habit of adding bells & whistles that execute in the
    background without your knowledge. The default disabling of displaying file
    extensions, and the default association of file extensions with specific
    programs, is in my opinion one of the most insecure things that Microsoft has
    ever done. I personally always open the program that I want to use, and then
    load the data file.

    J.A. Coutts
    John Coutts, Aug 15, 2004
    #4
  5. "John Coutts" <> wrote in message news:...
    > In article <95466BA3363D31E75@127.0.0.1>, says...
    > >
    > >I am aware that some MP3s can exploit weaknesses in the player.
    > >Eg. Winamp 2.81 http://www.securityfocus.com/archive/1/303934
    > >
    > >But can a WAV file also be dangerous? Using Google, only a few
    > >people say 'yes'. So is this just a myth?
    > >
    > >If a WAV is actually dangerous then does AVG have the ability to
    > >detect bad WAVs?

    > ******************* REPLY SEPARATER ********************
    > Generally speaking, any data file (.wav, .mpe, .gif) is not dangerous. It
    > cannot execute commands by itself.
    >
    > For example, a document file (.doc) is in itself benign. When opened with a
    > program such as "Wordpad", it is harmless. But when opened with a program such
    > as "Word", imbedded scripts can be run that may not be harmless. The question
    > has more to do with the executing program than with the data files themselves,
    > and Microsoft has a habit of adding bells & whistles that execute in the
    > background without your knowledge. The default disabling of displaying file
    > extensions, and the default association of file extensions with specific
    > programs, is in my opinion one of the most insecure things that Microsoft has
    > ever done. I personally always open the program that I want to use, and then
    > load the data file.
    >
    > J.A. Coutts


    If an MP3 was made to exploit the flaw, and renamed to .wav to avoid the scanner would
    it still be handled by WinAmp as an MP3 after the OS sent it to WinAmp by extention assoc?
    Would it still be a danger by you opening "from" the app?
    Criminal Element, Aug 15, 2004
    #5
  6. Franky

    Bill Unruh Guest

    (John Coutts) writes:

    ]In article <95466BA3363D31E75@127.0.0.1>, says...
    ]>
    ]>I am aware that some MP3s can exploit weaknesses in the player.
    ]>Eg. Winamp 2.81 http://www.securityfocus.com/archive/1/303934
    ]>
    ]>But can a WAV file also be dangerous? Using Google, only a few
    ]>people say 'yes'. So is this just a myth?
    ]>
    ]>If a WAV is actually dangerous then does AVG have the ability to
    ]>detect bad WAVs?
    ]******************* REPLY SEPARATER ********************
    ]Generally speaking, any data file (.wav, .mpe, .gif) is not dangerous. It
    ]cannot execute commands by itself.

    Not really true. data files can be dangerous, if they interact with bugs in
    the programs which they are data for. Thus the MP3 vulnerability.

    Now wav files have very well defined data fields-- fixed length with no
    terminating designation, which means it is pretty hard to make a buggy
    reader.

    ]For example, a document file (.doc) is in itself benign. When opened with a
    ]program such as "Wordpad", it is harmless. But when opened with a program such
    ]as "Word", imbedded scripts can be run that may not be harmless. The question

    That makes teh .doc file dangerous-- it usually interacts with a program
    that is so complex that is certainly has bugs.


    ]has more to do with the executing program than with the data files themselves,
    ]and Microsoft has a habit of adding bells & whistles that execute in the
    ]background without your knowledge. The default disabling of displaying file
    ]extensions, and the default association of file extensions with specific
    ]programs, is in my opinion one of the most insecure things that Microsoft has
    ]ever done. I personally always open the program that I want to use, and then
    ]load the data file.

    ]J.A. Coutts
    Bill Unruh, Aug 15, 2004
    #6
  7. Franky

    Anonymous Guest

    Franky <> wrote in news:95466BA3363D31E75@127.0.0.1:

    > AV is actually dangerous then does AVG have the ability to
    > detect bad WAVs?
    >


    Only executables can cause your computer to be infected by viruses. Non-
    executable files, like images or WAV files can have viral code inserted
    into them, but the viral code will never be executed, so they are not a
    threat.
    The main threat you may have is files with double extensions which can fool
    the user into thinking the file is a WAV file, when in reality it is
    executable. e.g. the file 'Nirvana - Smells like teen spirit.WAV.exe'
    would look like a WAV file, but it is really an executable file in
    disguise!

    --
    The email address used is fake. Any replies will not be read!
    If you want to reply, reply to the newsgroup instead.

    Visit my website!
    http://storm.prohosting.com/compsecu
    Anonymous, Aug 15, 2004
    #7
  8. Franky

    Mimic Guest

    Anonymous wrote:
    > Franky <> wrote in news:95466BA3363D31E75@127.0.0.1:
    >
    >
    >>AV is actually dangerous then does AVG have the ability to
    >>detect bad WAVs?
    >>

    >
    >
    > Only executables can cause your computer to be infected by viruses. Non-
    > executable files, like images or WAV files can have viral code inserted
    > into them, but the viral code will never be executed, so they are not a
    > threat.
    > The main threat you may have is files with double extensions which can fool
    > the user into thinking the file is a WAV file, when in reality it is
    > executable. e.g. the file 'Nirvana - Smells like teen spirit.WAV.exe'
    > would look like a WAV file, but it is really an executable file in
    > disguise!
    >


    wrong

    --
    Mimic

    "The voices have stopped now. But they had some good ideas."

    "Without knowledge you have fear. With fear you create your own nightmares."
    ZGF0YWZsZXhAY2FubmFiaXNtYWlsLmNvbQ== [ www.hidemyemail.net ]
    Mimic, Aug 15, 2004
    #8
  9. Franky

    Newman Guest


    > ]For example, a document file (.doc) is in itself benign. When opened with a
    > ]program such as "Wordpad", it is harmless. But when opened with a program such
    > ]as "Word", imbedded scripts can be run that may not be harmless. The question
    >
    > That makes teh .doc file dangerous-- it usually interacts with a program
    > that is so complex that is certainly has bugs.
    >


    So, who kills people?
    a)people
    b)guns
    c)the bullet
    d)organ failure/major hemmorage
    e)what does it matter, just don't stand in front of it
    Newman, Aug 15, 2004
    #9
  10. Franky

    Newman Guest

    Anonymous wrote:

    > Franky <> wrote in news:95466BA3363D31E75@127.0.0.1:
    >
    >
    >>WAV is actually dangerous then does AVG have the ability to
    >>detect bad WAVs?
    >>

    >
    >
    > Only executables can cause your computer to be infected by viruses. Non-
    > executable files, like images or WAV files can have viral code inserted
    > into them, but the viral code will never be executed, so they are not a
    > threat.
    > The main threat you may have is files with double extensions which can fool
    > the user into thinking the file is a WAV file, when in reality it is
    > executable. e.g. the file 'Nirvana - Smells like teen spirit.WAV.exe'
    > would look like a WAV file, but it is really an executable file in
    > disguise!
    >


    read previous posts to find out why you're wrong. and your website is
    hard to read.
    Newman, Aug 15, 2004
    #10
  11. Franky

    Jim Watt Guest

    On Sun, 15 Aug 2004 15:25:37 -0500, Newman <> wrote:

    >read previous posts to find out why you're wrong.


    Indeed

    >and your website is hard to read.


    It is, however I find with that sort of dumb colour combination
    you can read the text if you select it. Thats about the only way
    blue on blue works.

    Backgrounds often detract and become tedious.

    --
    Jim Watt
    http://www.gibnet.com
    Jim Watt, Aug 15, 2004
    #11
  12. Franky

    Tim H. Guest

    "Franky" <> wrote in message
    news:95466BA3363D31E75@127.0.0.1...
    > I am aware that some MP3s can exploit weaknesses in the player.
    > Eg. Winamp 2.81 http://www.securityfocus.com/archive/1/303934
    >
    > But can a WAV file also be dangerous? Using Google, only a few
    > people say 'yes'. So is this just a myth?


    Not sure why no one else mentioned this...

    If a program has unchecked data buffers, then it's susceptible to buffer
    overflows. And if a jpeg, wav or mp3 contains data to exploit that overflow,
    then yes, a wav file COULD be dangerous. The file itself isn't dangerous,
    only when used with the program it's trying to exploit.

    -Tim

    >
    > If a WAV is actually dangerous then does AVG have the ability to
    > detect bad WAVs?
    Tim H., Aug 15, 2004
    #12
  13. Franky

    kurt wismer Guest

    Franky wrote:

    > I am aware that some MP3s can exploit weaknesses in the player.
    > Eg. Winamp 2.81 http://www.securityfocus.com/archive/1/303934
    >
    > But can a WAV file also be dangerous? Using Google, only a few
    > people say 'yes'. So is this just a myth?
    >
    > If a WAV is actually dangerous then does AVG have the ability to
    > detect bad WAVs?


    there are no bad WAVs... there are no bad MP3s either, technically...
    it either meets the specifications for that format (and therefore is
    that type) or doesn't meet the specifications for that format (and
    therefore isn't that type)...

    the fact that certain players don't handle certain combinations of
    valid (as in, allowed by the specifications for the format) data very
    well doesn't make the file containing that data "bad"... it just means
    there's a bug in the player that needs to be fixed...

    as such, can avg (or another product that mostly deals with viruses)
    detect valid WAV files that still manage to play havoc with some audio
    player somewhere? i would guess probably not... at best it might detect
    a handful of specially crafted examples of WAV files that cause
    problems with some players and were seen in the wild, but i can't see
    adding general detection for the entire class of objects... it's too
    poorly specified a class...

    --
    "maxwell can tell he's in hell
    just wants you to visit him there
    same old game that he's playin'
    his rules are never fair"
    kurt wismer, Aug 15, 2004
    #13
  14. "Thor Kottelin" corrected me with the reply of the "x-wav exploit" which is a buffer
    overflow vulnerability. So it has been stated.

    Dave



    "Tim H." <> wrote in message news:SsRTc.297727$JR4.21178@attbi_s54...
    |
    | "Franky" <> wrote in message
    | news:95466BA3363D31E75@127.0.0.1...
    | > I am aware that some MP3s can exploit weaknesses in the player.
    | > Eg. Winamp 2.81 http://www.securityfocus.com/archive/1/303934
    | >
    | > But can a WAV file also be dangerous? Using Google, only a few
    | > people say 'yes'. So is this just a myth?
    |
    | Not sure why no one else mentioned this...
    |
    | If a program has unchecked data buffers, then it's susceptible to buffer
    | overflows. And if a jpeg, wav or mp3 contains data to exploit that overflow,
    | then yes, a wav file COULD be dangerous. The file itself isn't dangerous,
    | only when used with the program it's trying to exploit.
    |
    | -Tim
    |
    | >
    | > If a WAV is actually dangerous then does AVG have the ability to
    | > detect bad WAVs?
    |
    |
    David H. Lipman, Aug 15, 2004
    #14
  15. Franky

    Mimic Guest

    Jim Watt wrote:

    > On Sun, 15 Aug 2004 15:25:37 -0500, Newman <> wrote:
    >
    >
    >>read previous posts to find out why you're wrong.

    >
    >
    > Indeed
    >
    >
    >>and your website is hard to read.

    >
    >
    > It is, however I find with that sort of dumb colour combination
    > you can read the text if you select it. Thats about the only way
    > blue on blue works.
    >
    > Backgrounds often detract and become tedious.
    >
    > --
    > Jim Watt
    > http://www.gibnet.com


    indeed, is find his colorscheme bad. The red against the blue flares and
    hurts my eyes :p

    --
    Mimic

    "The voices have stopped now. But they had some good ideas."

    "Without knowledge you have fear. With fear you create your own nightmares."
    ZGF0YWZsZXhAY2FubmFiaXNtYWlsLmNvbQ== [ www.hidemyemail.net ]
    Mimic, Aug 15, 2004
    #15
  16. Franky

    Julian Moss Guest

    Tim H. wrote:

    > Not sure why no one else mentioned this...
    >
    > If a program has unchecked data buffers, then it's susceptible to
    > buffer overflows. And if a jpeg, wav or mp3 contains data to exploit
    > that overflow, then yes, a wav file COULD be dangerous. The file
    > itself isn't dangerous, only when used with the program it's trying
    > to exploit.
    >
    > -Tim
    >
    > >
    > > If a WAV is actually dangerous then does AVG have the ability to
    > > detect bad WAVs?


    But people use many different programs to play WAV or MP3 files. A
    buffer overflow exploit will only work with the program it was designed
    to exploit. A case, perhaps, for never using the most popular
    applications (e.g. Windows Media Player, in this example.)

    --
    Julian Moss
    Tech-Pro Limited
    http://www.tech-pro.net/
    Julian Moss, Aug 16, 2004
    #16
  17. "Anonymous" <> wrote in message news:Xns9546BB0742B29memecom@217.32.252.50...
    > Franky <> wrote in news:95466BA3363D31E75@127.0.0.1:
    >
    > > AV is actually dangerous then does AVG have the ability to
    > > detect bad WAVs?
    > >

    >
    > Only executables can cause your computer to be infected by viruses. Non-
    > executable files, like images or WAV files can have viral code inserted
    > into them, but the viral code will never be executed, so they are not a
    > threat.


    not soo fast . . .

    In a perfect world maybe. But here in reality we deal with data files that loaders use to create
    executable images in turn scheduled to process. Now "executable" only means the data is "expected"
    to end up as an executable image not that it is actually executable on its own. Apps using
    data can cause the "unexpected" to execute and THIS is what causes peeps to tag .mp3 or .* as
    worthy or not of scanning.

    > The main threat you may have . . . [ . . . ]


    <yawn.wav.pif or yawn..wav .exe>

    True, but ANY file of ANY name can be mishandeled and some are known to be mishandeled
    by certain popular apps. Mp3's are (or were) mishandeled by the OS (XP) itself during mousover
    (or hover?) event.

    . . . trust no-one :)
    Criminal Element, Aug 16, 2004
    #17
  18. I don't think so. Wasn't that exploit only to trick the OS into executing an EXE cause it was
    thought to be a safe MIME Type of WAV? Where was the buffer exploit there?
    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:HDRTc.2075$de4.1325@trndny07...
    > "Thor Kottelin" corrected me with the reply of the "x-wav exploit" which is a buffer
    > overflow vulnerability. So it has been stated.
    >
    > Dave
    >
    >
    >
    > "Tim H." <> wrote in message news:SsRTc.297727$JR4.21178@attbi_s54...
    > |
    > | "Franky" <> wrote in message
    > | news:95466BA3363D31E75@127.0.0.1...
    > | > I am aware that some MP3s can exploit weaknesses in the player.
    > | > Eg. Winamp 2.81 http://www.securityfocus.com/archive/1/303934
    > | >
    > | > But can a WAV file also be dangerous? Using Google, only a few
    > | > people say 'yes'. So is this just a myth?
    > |
    > | Not sure why no one else mentioned this...
    > |
    > | If a program has unchecked data buffers, then it's susceptible to buffer
    > | overflows. And if a jpeg, wav or mp3 contains data to exploit that overflow,
    > | then yes, a wav file COULD be dangerous. The file itself isn't dangerous,
    > | only when used with the program it's trying to exploit.
    > |
    > | -Tim
    > |
    > | >
    > | > If a WAV is actually dangerous then does AVG have the ability to
    > | > detect bad WAVs?
    > |
    > |
    >
    >
    Criminal Element, Aug 16, 2004
    #18
  19. Franky

    Bill Unruh Guest

    kurt wismer <> writes:

    ]Franky wrote:

    ]> I am aware that some MP3s can exploit weaknesses in the player.
    ]> Eg. Winamp 2.81 http://www.securityfocus.com/archive/1/303934
    ]>
    ]> But can a WAV file also be dangerous? Using Google, only a few
    ]> people say 'yes'. So is this just a myth?
    ]>
    ]> If a WAV is actually dangerous then does AVG have the ability to
    ]> detect bad WAVs?

    ]there are no bad WAVs... there are no bad MP3s either, technically...
    ]it either meets the specifications for that format (and therefore is
    ]that type) or doesn't meet the specifications for that format (and
    ]therefore isn't that type)...

    ]the fact that certain players don't handle certain combinations of
    ]valid (as in, allowed by the specifications for the format) data very
    ]well doesn't make the file containing that data "bad"... it just means
    ]there's a bug in the player that needs to be fixed...

    ]as such, can avg (or another product that mostly deals with viruses)
    ]detect valid WAV files that still manage to play havoc with some audio
    ]player somewhere? i would guess probably not... at best it might detect
    ] a handful of specially crafted examples of WAV files that cause
    ]problems with some players and were seen in the wild, but i can't see
    ]adding general detection for the entire class of objects... it's too
    ]poorly specified a class...

    The question is how tightly the standards constrain the file. In the case
    of wav files, the data structure size and type is tightly constrained. If
    there are things like titles, etc around then they will have a freeform
    data structure, which could in a badly written program cause trouble. (eg
    the person writting assumes that say 512 bytes is more than enough for any
    title.)
    If the data structure says that the data header is exactly 100 byes long,
    then it is hard to miscode that. if it is of variable length, then it gets
    easier.
    Bill Unruh, Aug 17, 2004
    #19
  20. Bill Unruh wrote:

    > The question is how tightly the standards constrain the file.


    No. The question is what happens when the file doesn't conform to the
    standard. A parser shouldn't crash at the first non-conformance. It
    should be robust enough to either ignore the errors or reject the data.

    Many exploits discovered by the PROTOS test suite (including SNMP
    implementations!) were holes left by too trusting programmers.

    -- Lassi
    Lassi =?iso-8859-1?Q?Hippel=E4inen?=, Aug 17, 2004
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Rip Torin

    Wav files to MP3 files....?

    Rip Torin, Jul 1, 2003, in forum: Computer Support
    Replies:
    2
    Views:
    507
    Fummie
    Jul 1, 2003
  2. George
    Replies:
    1
    Views:
    398
    Mistoffolees
    Aug 24, 2003
  3. Thaqalain

    Substituting AOL Wav files with MSN Wav files

    Thaqalain, Jul 7, 2005, in forum: Computer Support
    Replies:
    6
    Views:
    6,091
    Thaqalain
    Jul 7, 2005
  4. Replies:
    10
    Views:
    1,504
    Steven Sullivan
    Sep 27, 2005
  5. Zakko

    Can font files be dangerous

    Zakko, Jan 16, 2008, in forum: Computer Security
    Replies:
    8
    Views:
    662
    Jim Watt
    Jan 17, 2008
Loading...

Share This Page