xmp said:
That's true of most exploits whether stack overflows, format bugs, or
whatever. Most are simply coding errors which are inevitable. A few
are due to features, e.g. exploits that utilize My Computer Zone.
Others are intrinsic to the protocol, e.g. spoofing in TCP/IP. It will
be interesting to see what happens as more stuff is compiled with stack
and format guards.
I wonder if iDefense would pay for a media player exploit?
michael
So the answer to the original poster's question is YES ... er and NO
The format of WAV files is not so strongly restricted that it's not
possible for a file to be crafted that exploits a particular
impmentation of WAV play (whether this be by buffer overflow or or the
wrong data type for a particular field).
However, whether such a crafted WAV file can have an impact on a
target system is entirely dependant on the type of application which
is used upon it -
If you receive a crafted WAV file and don't do anything more with it
then it cannot have an impact.
If you load a crafted WAV file into an WAV player then it may have an
impact, particularly if the crafted vulnerability is aimed at your
specific WAV player (although other players may crash or evidence
other instability in the light of these non-standard WAV elements).
In the real world, where a significant market share is owned by
Microsoft and Windows Media Player then it seems reasonable to say
that a crafted WAV file aimed at this application will potentially
cause a problem, however, I'm not aware of a WAV exploit that has
successfuly targetted Windows Media Player (there may have been an
exploit of the 'skins' facility in this application ...but that uses a
different file type).
Regards
