IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

New Windows media player and activex
I'm trying to find articles/discussions on windows media player and acivex. I may be remembering this wrong but I thought I had read that wmv files could make system calls with activex controls and had a significant possibility of being a spyware/virus vector. My google-fu must be weak, all I'm getting is page after page of "how to remove DRM".
-----------------------------------------
You can fire an at will employee for good cause or no cause, but not bad cause.
New "Windows Media Player Trojan" gives 610 hits.
Without the quotes, it gives 1.5 M.

e.g. [link|http://seclists.org/bugtraq/2005/Jan/0130.html|seclists] and [link|http://www.vnunet.com/vnunet/news/2126479/malicious-trojan-infects-windows-media-player|vnunet].

HTH.

Cheers,
Scott.
New Thanks but I already know about the DRM stuff
It's the activex aspect I'm trying to pin down.
-----------------------------------------
You can fire an at will employee for good cause or no cause, but not bad cause.
New ?
The things I found I thought had little if anything to do with DRM.

I'd look around bugtraq - e.g. here's a list of threads on [link|http://marc.info/?l=bugtraq&w=2&r=1&s=wmp&q=b|wmp]. AFAIK, most of the windows security issues eventually show up there.

Good luck.

Cheers,
Scott.
New Heh.. the 4 ads below are about "How to fix Acti-vex"
Nary a one on, "how to use" Acti - -

Wonder why.

New Maybe this will be of help
[link|http://msdn2.microsoft.com/en-us/library/aa385736.aspx|http://msdn2.microso...ary/aa385736.aspx]

If the file contains no unsupported streams and contains one or more video streams either uncompressed or encoded with any Windows Media video codec, the file must use the .wmv extension. These files may also include PCM audio streams, audio streams encoded with any Windows Media audio codec, script streams, and Web streams.


Those sound like possible vectors to me. Or maybe you're thinking of .asf files, also mentioned at that link and described in the surrounding SDK docs.
--
Chris Altmann
New That looks promising.
I do know that the word script was referenced in whatever it is I vaguely remember about wmv and spyware.
-----------------------------------------
You can fire an at will employee for good cause or no cause, but not bad cause.
     Windows media player and activex - (Silverlock) - (6)
         "Windows Media Player Trojan" gives 610 hits. - (Another Scott) - (2)
             Thanks but I already know about the DRM stuff - (Silverlock) - (1)
                 ? - (Another Scott)
         Heh.. the 4 ads below are about "How to fix Acti-vex" - (Ashton)
         Maybe this will be of help - (altmann) - (1)
             That looks promising. - (Silverlock)

I don't even think that thing in the middle is a net.
63 ms