Problem playing an avi file

JD jd1008 at gmail.com
Thu Jul 15 16:33:19 UTC 2010


  On 07/15/2010 07:46 AM, Marko Vojinovic wrote:
> On Thursday, July 15, 2010 15:18:58 Alan Cox wrote:
>> On Thu, 15 Jul 2010 14:57:16 +0100 Marko Vojinovic<vvmarko at gmail.com>
>> wrote:
>>> It's a hoax, coupled with propaganda. The very same thing happens even if
>>> you actually use Windows Media Player to play the file, on a Windows
>>> machine.
> [snip]
>>> I didn't try to scan it for viruses/trojans/worms/malware/etc., because I
>>> believe you cannot get infected by playing a movie in mplayer (unless
>>> mplayer has some serious security exploit that nobody is aware of). So
>>> just drop that file and go find a genuine one.
>> There have been numerous exploits against video codecs, and fuzz testing
>> codecs is .. interesting. The players may well have the odd bug but the
>> codecs tend to parse extremely complex compressed data streams from an
>> untrusted source, have to do it at high speed and seem to be the main
>> source of holes.
>>
>> Whether a Windows exploit would work on a non Windows box who knows. It
>> may well be the message is because it contains a trojan that *only* works
>> in a specific player/codec combination.
> Right, so this is not propaganda, but rather instructions which player/codec
> combination is vulnerable to the trojan attack. The user sees the message,
> tries to play the file in the appropriate player with appropriate codec, and
> ---  sees the same message yet again, but gets infected in the process. Nifty
> stuff! :-)
>
> So, as long as one *doesn't* follow the instructions on the screen, everything
> is ok. :-) Linux players like mplayer, vlc, and others are most probably
> immune to this, so no problem there.
>
> Luckily, the Windows machine I tried it on is a virtual one (ie. disposable).
>
> Best, :-)
> Marko
>
On a similar windows machine, I tried it with windows media player.
Well the eplayer immediately popped up a banner saying that the avi
file does not conform to something (forgot what) and warned me of
a possible attack.
So I chose to cancel.



More information about the users mailing list