Any way to tell if wmv file contains executable code?

J

janedough250164

I was just reading that information inherent in a wmv file can execute
other files (see below). Is there any way to determine if there's code in
a wmv file before opening it with WM Player or Media Player Classic (or
another program)?








http://www.geocities.com/ResearchTriangle/Lab/1131/eng/safe.html

There is also an issue regarding Windows Media Player, which under some
Click to expand...
environments may allow any media file which is opened by Windows Media
Player to execute some local files (depending on their extensions, but
including some executable extensions) as long as the name and path of the
file are given in that media file. The issue, has to do with the ability of
..wmv files to refer to an Internet address (the accurate term should be URL
rather than "Internet address"). This address can also be a location of a
local file in the computer. In such a case, the wmv file can instruct
Windows Media Player to execute a local executable file, as long as the
location and name of the file are given in the .wmv file. As you should
already know, the WMV file may have any extension as long as it is opened
by Windows Media Player. There is a way to block an exploitation of this
security hole, and it involves tweaking the registry keys. The instruction
is relevant to Internet Explorer versions 4 and above. It has to do with
disabling the "Download unsigned ActiveX controls", in the "My Computer"
security zone.
We shall not give here full explanation, but only comment that this
Click to expand...
activity is done with the help of components from Internet Explorer. The
needed tweaking is to use a registry editor, and in the following
 
M

MAP

I was just reading that information inherent in a wmv file can execute
other files (see below). Is there any way to determine if there's
code in a wmv file before opening it with WM Player or Media Player
Classic (or another program)?








http://www.geocities.com/ResearchTriangle/Lab/1131/eng/safe.html


environments may allow any media file which is opened by Windows Media
Player to execute some local files (depending on their extensions, but
including some executable extensions) as long as the name and path of
the file are given in that media file. The issue, has to do with the
ability of .wmv files to refer to an Internet address (the accurate
term should be URL rather than "Internet address"). This address can
also be a location of a local file in the computer. In such a case,
the wmv file can instruct Windows Media Player to execute a local
executable file, as long as the location and name of the file are
given in the .wmv file. As you should already know, the WMV file may
have any extension as long as it is opened by Windows Media Player.
There is a way to block an exploitation of this security hole, and it
involves tweaking the registry keys. The instruction is relevant to
Internet Explorer versions 4 and above. It has to do with disabling
the "Download unsigned ActiveX controls", in the "My Computer"
security zone.
activity is done with the help of components from Internet Explorer.
The needed tweaking is to use a registry editor, and in the following
Click to expand...

That's what a good anti-virus program is for. (or process guard or the paid
version of kiero) Note the link you provided is nearly 5 years old.
 
D

David H. Lipman

From: <[email protected]>

| I was just reading that information inherent in a wmv file can execute
| other files (see below). Is there any way to determine if there's code in
| a wmv file before opening it with WM Player or Media Player Classic (or
| another program)?
|
| http://www.geocities.com/ResearchTriangle/Lab/1131/eng/safe.html
|| environments may allow any media file which is opened by Windows Media
| Player to execute some local files (depending on their extensions, but
| including some executable extensions) as long as the name and path of the
| file are given in that media file. The issue, has to do with the ability of
| .wmv files to refer to an Internet address (the accurate term should be URL
| rather than "Internet address"). This address can also be a location of a
| local file in the computer. In such a case, the wmv file can instruct
| Windows Media Player to execute a local executable file, as long as the
| location and name of the file are given in the .wmv file. As you should
| already know, the WMV file may have any extension as long as it is opened
| by Windows Media Player. There is a way to block an exploitation of this
| security hole, and it involves tweaking the registry keys. The instruction
| is relevant to Internet Explorer versions 4 and above. It has to do with
| disabling the "Download unsigned ActiveX controls", in the "My Computer"
| security zone.| activity is done with the help of components from Internet Explorer. The
| needed tweaking is to use a registry editor, and in the following
As Mike indicated that is what Anti Virus softqwasre is for. If you don't scann all file
types then make sure WMV files are scanned.

Any file can be named anyrhing and can still be used via the registry even if the file
extension is not a executable file. However, you have more to worry about a Wimad Trojan
where the WMV explots the Windows Media Player DRM to download and install malware. A
tactic the Zango/180Solutions is well known for.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Listening to email attachements with audio 5
Getting MPC to play wmv files without WMP, how? 5
Media Player 9 problem 1
Playback Streaming WMV Files from Web Server 1
No audio in WM Player 11 for WMV 1
Trouble Opening WMV File 10
File assocation to be changed 5
Windows Media player (10.00) message: "A security upgrade reuires to play this file.." 1

Top