Two new security holes affecting music file swappers have been discovered,
one in Microsoft's Windows XP and the other in Winamp, a media jukebox
player for Windows.
The flaw in Windows XP enables music files of either MP3 or Windows Media
format to deliver a malicious payload without even being played by a user.
"Because of the file handling capabilities of XP, it reads the file header
as you open up the directory where the file is contained, or float above an
MP3 file with your cursor," Henk Pieters, spokesperson for Foundstone, told
NewsFactor. Foundstone is the security firm that discovered the flaws.
"At that point, if there's a malicious payload within that MP3 file, it
could overflow the buffer, meaning it could shut down the computer. The
hacker can then take control of the computer."
The Fix
Microsoft immediately offered a patch for the Windows XP flaw, rating its
severity as critical. Flaws that are rated critical are particularly dangerous
because users do not need to open hacked files to make their system
vulnerable.
"The vulnerability lies in the Windows Shell, rather than Windows Media
Player. As a result, playing an audio file with Windows Media Player would
not pose any additional risk," Microsoft said.
The company noted that no other versions of Windows are affected. In its
patch bulletin, it also provided instructions for removing suspicious files.
Microsoft representatives were not available for comment.
Winamp Flaw
The flaw that Foundstone discovered in Winamp, a media player made by
Nullsoft, exploits the tag feature of an MP3 file. Specifically, if a long artist
ID3v2 tag is loaded in Winamp 2.81, a hacker can take control of that PC.
Similarly, if an MP3 with such a malformed tag is loaded into the Winamp 3.0
Media Library, an attacker can run code on the user's system from a remote
location.
In its security bulletin describing the flaws, Nullsoft said it has released new
versions of Winamp 2.81 and 3.0. The company added that anyone using
a Winamp player downloaded before December 17, 2002, is vulnerable.
"To be fully protected, we suggest that you download the latest versions ...
from our site right away," the company said.
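A defensive check for the Winamp issue described above, as an added example that is not from Foundstone, Nullsoft or the original article: it walks the ID3v2 frames at the start of a file and flags an artist frame whose declared size exceeds a limit. The 256-byte limit, the function names and the sample tag are assumptions made for illustration; tags that set the unsynchronisation or extended-header flags are reported as unsupported rather than parsed.

```python
MAX_ARTIST_BYTES = 256  # assumed policy limit; the article gives no threshold
ARTIST_ID = {2: b"TP1", 3: b"TPE1", 4: b"TPE1"}  # artist frame per ID3v2 major version

def synchsafe(raw):
    """Decode a synchsafe integer: 7 usable bits per byte, high bit must be clear."""
    if any(b & 0x80 for b in raw):
        raise ValueError("high bit set in synchsafe size")
    n = 0
    for b in raw:
        n = (n << 7) | b
    return n

def check_artist_tag(data):
    """Return (verdict, detail) for the ID3v2 tag at the start of `data`."""
    if len(data) < 10 or data[:3] != b"ID3":
        return ("no-tag", None)
    major, flags = data[3], data[5]
    if major not in ARTIST_ID or flags & 0xC0:
        return ("unsupported", f"version 2.{major}, flags {flags:#04x}")
    try:
        end = 10 + synchsafe(data[6:10])         # tag size excludes the 10-byte header
    except ValueError as exc:
        return ("malformed", str(exc))
    if end > len(data):
        return ("malformed", "tag size exceeds file size")
    id_len, hdr_len = (3, 6) if major == 2 else (4, 10)
    pos = 10
    while pos + hdr_len <= end and data[pos] != 0:   # a zero byte starts the padding
        frame_id = data[pos:pos + id_len]
        raw = data[pos + id_len:pos + id_len + (3 if major == 2 else 4)]
        try:
            size = synchsafe(raw) if major == 4 else int.from_bytes(raw, "big")
        except ValueError as exc:
            return ("malformed", str(exc))
        if size > end - (pos + hdr_len):
            return ("malformed", f"{frame_id!r} claims {size} bytes, more than the tag holds")
        if frame_id == ARTIST_ID[major] and size > MAX_ARTIST_BYTES:
            return ("oversized-artist", size)
        pos += hdr_len + size
    return ("ok", None)

def build_v23_tag(artist):
    """Constructed sample: an ID3v2.3 tag holding one TPE1 (artist) frame."""
    body = b"\x00" + artist                      # encoding byte 0 = ISO-8859-1
    frame = b"TPE1" + len(body).to_bytes(4, "big") + b"\x00\x00" + body
    n = len(frame)
    size = bytes([(n >> 21) & 0x7F, (n >> 14) & 0x7F, (n >> 7) & 0x7F, n & 0x7F])
    return b"ID3\x03\x00\x00" + size + frame
```

Anything other than "ok" or "no-tag" is worth holding back for review before the file reaches a player or media library.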
Multimedia Battleground
Windows XP and Winamp are not the only software products that have been named in
security bulletins about media files. Popular Web design software developer Macromedia
warned in mid-December that a flaw in its Shockwave Flash Player
makes a user's system vulnerable to attack.
Veteran peer-to-peer (P2P) networking observers note that vulnerabilities based on
multimedia files play into the music and film industries' desire to thwart file trading
networks.
Legislation proposed in the U.S. Congress this summer would allow copyright
owners greater latitude in attacking P2P networks. The legislation would
immunize copyright holders from legal recourse if they were to disable or
otherwise impair a peer-to-peer file trading network.
Such disruptions would be allowed if a copyright holder has "reasonable
basis" to believe a network is facilitating piracy. The proposed legislation
has been widely criticized by trade associations and legal experts.