Here we go again.... Microsoft Windows XP has yet another vulnerability that is being rated as "critical" ( according to Microsoft's maximum security rating system). An attacker who successfully exploited this vulnerability could gain complete control over another user's system, including creating, modifying, deleting data; reconfiguring the system, reformatting the hard drive, or running programs of the attacker's choice. This is rated critical due how easy the buffer overrun can be executed -- if a user simply hovers their mouse pointer over the icon for the file (either on a Web page or local disk), or opens a shared folder where the file is stored, the vulnerable code would be invoked. An HTML email could also cause the code to be invoked if a user opens or previews the email. This buffer overflow exists in Explorer's automatic reading of an MP3's attributes in Windows XP; this could allow an attacker to create a malicious MP3 file, that if placed in an accessed folder on a Windows XP system, would compromise the system and allow for remote code execution. The MP3 does not need to be played, it simply needs to be stored in a folder that is browsed to, such as an MP3 download folder, the desktop, or a NetBIOS share. This vulnerability is also exploitable via Internet Explorer by loading a malicious web site.
Hybrid Mode
