Is there a danger opening WMV files in XP?

Discussion in 'Computer Security' started by Andy, May 11, 2006.

  1. Andy

    Andy Guest

    Is there a danger opening WMV files in XP?

    I sem to recall something about being taken to dangerous web sites or
    getting unwanted code on my system or something like that.

    I am running XP Pro/SP2.
    Andy, May 11, 2006
    #1
    1. Advertising

  2. Andy wrote:
    > Is there a danger opening WMV files in XP?
    >
    > I sem to recall something about being taken to dangerous web sites or
    > getting unwanted code on my system or something like that.
    >
    > I am running XP Pro/SP2.


    Not if you got the latest updates...

    --
    .~. Might, Courage, Vision, SINCERITY. http://www.linux-sxs.org
    / v \ Simplicity is Beauty! May the Force and Farce be with you!
    /( _ )\ (Ubuntu 5.10) Linux 2.6.16.16
    ^ ^ 20:07:01 up 4:34 1 user load average: 1.00 1.04 1.01
    news://news.3home.net news://news.hkpcug.org news://news.newsgroup.com.hk
    Man-wai Chang, May 11, 2006
    #2
    1. Advertising

  3. Andy wrote:
    > Is there a danger opening WMV files in XP?


    Yes, if the files are fucked up with DRM and you didn't properly remove
    at least the DRM client components.

    This will lead to two big problems:

    1. A license aquistion dialogue will be opened, rendering HTML with the
    IE engine. Hurray, free choice to use 50+ unpatched IE vulnerabilities.

    2. A slient license aquistion might take place. This will install a
    license for this file, including all relevant DRM mechanisms. One is
    revokation. As an evil guy I would say "revoke after 1 second, delete
    the license, the license's name is C:\mp3z\*.mp3".


    There's also a possibility to include JavaScript code within a normal
    WMV file, but actually running it is disabled by default.

    > I sem to recall something about being taken to dangerous web sites or
    > getting unwanted code on my system or something like that.


    See above, this is usually a correct assumption.


    BTW, would you please set a fup2 next time?
    Sebastian Gottschalk, May 11, 2006
    #3
  4. David H. Lipman, May 11, 2006
    #4
  5. Andy

    Ludovic Joly Guest


    > Is there a danger opening WMV files in XP?


    There is no danger if you open the files with Notepad. This simple
    security procedure will defeat exploits targeting media players, and
    also protect your soul from explicit content.
    Ludovic Joly, May 11, 2006
    #5
  6. David H. Lipman, May 11, 2006
    #6
  7. Man-wai Chang <> wrote:
    > Andy wrote:
    > > Is there a danger opening WMV files in XP?
    > >
    > > I sem to recall something about being taken to dangerous web sites or
    > > getting unwanted code on my system or something like that.
    > >
    > > I am running XP Pro/SP2.

    >
    > Not if you got the latest updates...


    Note "got", not "*think* you got"! Lately *Automatic* Updates (the
    automatic/icon/popup version) has been notorious in being days and even
    weeks late compared to *Windows* Update (the browser version) [1], so
    check with *Windows* Update that you have all the latest stuff.

    [1] The Microsoft servers give priority to Windows Update over Automatic
    Updates. Often Automatic Updates can *say* that there are updates
    available for your computer, but not actually (fully) *download*, let
    alone *install*, them until days/weeks later. For the gory details, see
    the logs (in my case, XP Pro SP2, "Windows Update.log" and
    "WindowsUpdate.log" (in C:\WINDOWS), especially the latter),
    specifically the "DnldMgr * Update is not allowed to download due to
    regulation." messages.
    Frank Slootweg, May 11, 2006
    #7
  8. Andy

    Leythos Guest

    In article <Xns97C078CF62DDF74C1H4@127.0.0.1>, says...
    > Is there a danger opening WMV files in XP?
    >
    > I sem to recall something about being taken to dangerous web sites or
    > getting unwanted code on my system or something like that.
    >
    > I am running XP Pro/SP2.


    Opening any files you open "Can" present a danger, but the scope of the
    threat can be limited.

    Windows media player has had several exploits, as long as you patch your
    system with all security updates, you will be as safe as possible at
    that time - notice I didn't say you would be safe, I said safe AS
    POSSIBLE.


    --


    remove 999 in order to email me
    Leythos, May 11, 2006
    #8
  9. Andy

    Unruh Guest

    Leythos <> writes:

    >In article <Xns97C078CF62DDF74C1H4@127.0.0.1>, says...
    >> Is there a danger opening WMV files in XP?
    >>
    >> I sem to recall something about being taken to dangerous web sites or
    >> getting unwanted code on my system or something like that.
    >>
    >> I am running XP Pro/SP2.


    >Opening any files you open "Can" present a danger, but the scope of the
    >threat can be limited.


    >Windows media player has had several exploits, as long as you patch your
    >system with all security updates, you will be as safe as possible at
    >that time - notice I didn't say you would be safe, I said safe AS
    >POSSIBLE.


    YOu will be safer not opening them. So the question was as to the
    comparative safety. There have been so many exploits, and the time between
    the exploit being used and patched is some number of days ( lets say 10)
    Thus, your safety if you patch is 10 days out of 365/Number of exploits per
    year. Even with only one exploit a year, relying on patching gives you a
    safety of only 3%-- ie you have a 3% chance of being hit if someone attacks
    you once a year. If they attack you 30 times a year with the latest
    exploit they have about 100% chance of getting in. Does that sound safe?o
    Now if you never do anything that could trigger the exploit you will not be
    broken into.
    Ie, relying on patching to keep you safe is a rediculously insecure way of
    behaving.
    It is certainly necessary ( since y ou can raise those odds to 100% per
    attempt if you never patch, and 3% is better than 100%) but should not even
    be your 10th line of defence.
    Unruh, May 11, 2006
    #9
  10. From: "Unruh" <>


    |
    | YOu will be safer not opening them. So the question was as to the
    | comparative safety. There have been so many exploits, and the time between
    | the exploit being used and patched is some number of days ( lets say 10)
    | Thus, your safety if you patch is 10 days out of 365/Number of exploits per
    | year. Even with only one exploit a year, relying on patching gives you a
    | safety of only 3%-- ie you have a 3% chance of being hit if someone attacks
    | you once a year. If they attack you 30 times a year with the latest
    | exploit they have about 100% chance of getting in. Does that sound safe?o
    | Now if you never do anything that could trigger the exploit you will not be
    | broken into.
    | Ie, relying on patching to keep you safe is a rediculously insecure way of
    | behaving.
    | It is certainly necessary ( since y ou can raise those odds to 100% per
    | attempt if you never patch, and 3% is better than 100%) but should not even
    | be your 10th line of defence.
    |

    Yeah but if you don't open the WMV, you don't see the video.

    Live in fear, die in despair.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, May 11, 2006
    #10
  11. Andy

    edgewalker Guest

    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:m2G8g.5007$OF6.1420@trnddc06...
    > From: "Andy" <>
    >
    > | Is there a danger opening WMV files in XP?
    >
    > | I sem to recall something about being taken to dangerous web sites or
    > | getting unwanted code on my system or something like that.
    >
    > | I am running XP Pro/SP2.
    >
    > If the Media Player is properly patched -- No.


    Some media filetypes (with mediaplayer) allow the firing up of IE and the
    included URL will be visited. If a "bad" site wants visitors, then populating
    p2p with "bad" mediafiles is an option for them.

    My advice is to put Windows Media Trojan in the trash bin - and I don't
    care what version or how updated Microsoft says it is. Microsoft somehow
    decided to include this stupid feature though it is configurable in new versions
    I've heard.
    edgewalker, May 11, 2006
    #11
  12. Andy

    Andy Guest

    On 11 May 2006, Sebastian Gottschalk<> wrote:

    > Andy wrote:
    >> Is there a danger opening WMV files in XP?

    >
    > Yes, if the files are fucked up with DRM and you didn't properly
    > remove at least the DRM client components.
    >
    > This will lead to two big problems:
    >
    > 1. A license aquistion dialogue will be opened, rendering HTML with
    > the IE engine. Hurray, free choice to use 50+ unpatched IE
    > vulnerabilities.
    >
    > 2. A slient license aquistion might take place. This will install a
    > license for this file, including all relevant DRM mechanisms. One
    > is revokation. As an evil guy I would say "revoke after 1 second,
    > delete the license, the license's name is C:\mp3z\*.mp3".
    >
    >
    > There's also a possibility to include JavaScript code within a
    > normal WMV file, but actually running it is disabled by default.



    Yes this is what I end to see. I execute a 1MB WMV file and the next
    thing I know WMP has alunched as asks about being allowed to go off and
    get some authorisation. Hmmm. I never let it.

    If I run some other media player like Media Player Classic (by Gabest)
    or Irfanview or Zoom then I just get an error message at this point
    saying the player can't proceed.


    >> I sem to recall something about being taken to dangerous web sites
    >> or getting unwanted code on my system or something like that.

    >
    > See above, this is usually a correct assumption.
    >
    >
    > BTW, would you please set a fup2 next time?

    Doesn't Thunderbird offer a suitable option for x-post killing?
    I find FollowUp To never works well in the end.
    Andy, May 11, 2006
    #12
  13. Andy

    Zak Guest

    On 11 May 2006, David H. Lipman<DLipman~nospam~@Verizon.Net> wrote:

    > From: "Unruh" <>
    >
    >
    >|
    >| YOu will be safer not opening them. So the question was as to the
    >| comparative safety. There have been so many exploits, and the time
    >| between the exploit being used and patched is some number of days
    >| ( lets say 10) Thus, your safety if you patch is 10 days out of
    >| 365/Number of exploits per year. Even with only one exploit a
    >| year, relying on patching gives you a safety of only 3%-- ie you
    >| have a 3% chance of being hit if someone attacks you once a year.
    >| If they attack you 30 times a year with the latest exploit they
    >| have about 100% chance of getting in. Does that sound safe?o Now
    >| if you never do anything that could trigger the exploit you will
    >| not be broken into.
    >| Ie, relying on patching to keep you safe is a rediculously
    >| insecure way of behaving.
    >| It is certainly necessary ( since y ou can raise those odds to
    >| 100% per attempt if you never patch, and 3% is better than 100%)
    >| but should not even be your 10th line of defence.
    >|
    >
    > Yeah but if you don't open the WMV, you don't see the video.
    >
    > Live in fear, die in despair.
    >


    The vid is probably no good anyway.
    Zak, May 11, 2006
    #13
  14. From: "Zak" <>


    >> Yeah but if you don't open the WMV, you don't see the video.
    >>
    >> Live in fear, die in despair.
    >>

    | The vid is probably no good anyway.

    That's a broad statement. What WMV ? I have sen some great porno shorts in WMV format.
    :)

    I also work for a NJ, USA, music promoter and have viewed some great WMVs dealing with short
    music videos and promos.

    WMV is not a file format to fear.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, May 11, 2006
    #14
  15. From: "edgewalker" <>

    ..
    |
    | Some media filetypes (with mediaplayer) allow the firing up of IE and the
    | included URL will be visited. If a "bad" site wants visitors, then populating
    | p2p with "bad" mediafiles is an option for them.
    |
    | My advice is to put Windows Media Trojan in the trash bin - and I don't
    | care what version or how updated Microsoft says it is. Microsoft somehow
    | decided to include this stupid feature though it is configurable in new versions
    | I've heard.
    |

    Notice I said "the Media Player" not specifically a Microsoft product/utility :)

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, May 11, 2006
    #15
  16. Andy wrote:

    > Yes this is what I end to see. I execute a 1MB WMV file and the next
    > thing I know WMP has alunched as asks about being allowed to go off and
    > get some authorisation. Hmmm. I never let it.


    Minding you, any DRM software is something you clearly don't want on
    your computer.

    > If I run some other media player like Media Player Classic (by Gabest)
    > or Irfanview or Zoom then I just get an error message at this point
    > saying the player can't proceed.


    When removing at least the DRM client components, WMP tells the same.
    Sebastian Gottschalk, May 12, 2006
    #16
  17. Andy

    edgewalker Guest

    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:3mO8g.41063$yU6.21790@trnddc05...
    > From: "edgewalker" <>
    >
    > .
    > |
    > | Some media filetypes (with mediaplayer) allow the firing up of IE and the
    > | included URL will be visited. If a "bad" site wants visitors, then populating
    > | p2p with "bad" mediafiles is an option for them.
    > |
    > | My advice is to put Windows Media Trojan in the trash bin - and I don't
    > | care what version or how updated Microsoft says it is. Microsoft somehow
    > | decided to include this stupid feature though it is configurable in new versions
    > | I've heard.
    > |
    >
    > Notice I said "the Media Player" not specifically a Microsoft product/utility :)


    ....and a good thing you did :))

    Anyway - if "the media player" happens to be a MS product, heed my warning
    because even fully patched it is a trojan by most definitions :)) Subjective as the
    definition is, most people wouldn't want this feature if they knew about it.
    edgewalker, May 12, 2006
    #17
  18. edgewalker wrote:

    > Anyway - if "the media player" happens to be a MS product, heed my warning
    > because even fully patched it is a trojan by most definitions :))


    In case of WMP: The MSDRM component is a trojan horse by definition, and
    the implementation proofs it.
    Sebastian Gottschalk, May 13, 2006
    #18
  19. Andy

    edgewalker Guest

    "Sebastian Gottschalk" <> wrote in message news:...
    > edgewalker wrote:
    >
    > > Anyway - if "the media player" happens to be a MS product, heed my warning
    > > because even fully patched it is a trojan by most definitions :))

    >
    > In case of WMP: The MSDRM component is a trojan horse by definition, and
    > the implementation proofs it.


    DRM has unfortunately become a necessary evil. The problem I stated with
    WMP is probably a deal Billy struck with the foistware crowd. Sorta makes
    you rethink how all those IE exploits remain "unpatched". WMP makes a sys
    call to the foistware handler i.e. IE. :))
    edgewalker, May 13, 2006
    #19
  20. edgewalker wrote:

    >>> Anyway - if "the media player" happens to be a MS product, heed my warning
    >>> because even fully patched it is a trojan by most definitions :))

    >> In case of WMP: The MSDRM component is a trojan horse by definition, and
    >> the implementation proofs it.

    >
    > DRM has unfortunately become a necessary evil.


    No, as it's not necessary at all.

    > Sorta makes you rethink how all those IE exploits remain "unpatched".
    > WMP makes a sys call to the foistware handler i.e. IE. :))


    This has been fixed in MSDRM v3 Build 3802 (KB891122) and has never been
    any issue to systems where the DRM client component is removed.
    Sebastian Gottschalk, May 13, 2006
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Boris Mohar

    Opening wmv links

    Boris Mohar, Dec 31, 2005, in forum: Firefox
    Replies:
    0
    Views:
    2,178
    Boris Mohar
    Dec 31, 2005
  2. Stan

    WMV files opening web-sites

    Stan, Aug 24, 2003, in forum: Computer Support
    Replies:
    0
    Views:
    593
  3. karlpov
    Replies:
    0
    Views:
    851
    karlpov
    Jun 27, 2003
  4. Skybuck Flying

    DANGER DANGER THIRD DAY CPU FAN FAILURE DANGER DANGER

    Skybuck Flying, Mar 22, 2010, in forum: Windows 64bit
    Replies:
    9
    Views:
    996
    Skybuck Flying
    Apr 1, 2010
  5. Matty F

    Is there any danger in opening spam?

    Matty F, Nov 4, 2010, in forum: NZ Computing
    Replies:
    34
    Views:
    3,420
    Lawrence D'Oliveiro
    Nov 7, 2010
Loading...

Share This Page