Re: Problem playing an avi file

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On Thursday, July 15, 2010 15:18:58 Alan Cox wrote:
> On Thu, 15 Jul 2010 14:57:16 +0100 Marko Vojinovic <[email protected]>
> wrote:
> > It's a hoax, coupled with propaganda. The very same thing happens even if
> > you actually use Windows Media Player to play the file, on a Windows
> > machine.
> > I didn't try to scan it for viruses/trojans/worms/malware/etc., because I
> > believe you cannot get infected by playing a movie in mplayer (unless
> > mplayer has some serious security exploit that nobody is aware of). So
> > just drop that file and go find a genuine one.
> There have been numerous exploits against video codecs, and fuzz testing
> codecs is .. interesting. The players may well have the odd bug but the
> codecs tend to parse extremely complex compressed data streams from an
> untrusted source, have to do it at high speed and seem to be the main
> source of holes.
> Whether a Windows exploit would work on a non Windows box who knows. It
> may well be the message is because it contains a trojan that *only* works
> in a specific player/codec combination.

Right, so this is not propaganda, but rather instructions which player/codec 
combination is vulnerable to the trojan attack. The user sees the message, 
tries to play the file in the appropriate player with appropriate codec, and 
---  sees the same message yet again, but gets infected in the process. Nifty 
stuff! :-)

So, as long as one *doesn't* follow the instructions on the screen, everything 
is ok. :-) Linux players like mplayer, vlc, and others are most probably 
immune to this, so no problem there.

Luckily, the Windows machine I tried it on is a virtual one (ie. disposable).

Best, :-)

users mailing list
[email protected]
To unsubscribe or change subscription options:

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux