2

Can an *.avi or other media file contain any dangerous script or code? I saw the following message in Microsoft Security Essentials:

Category: Trojan Downloader

Description: This program is dangerous and downloads other programs.

Recommendation: Remove this software immediately.
Items: 
containerfile:C:\Users\...\amediafilename.avi
file:C:\Users\...\amediafilename.avi->(ASF_Script_Commands)
Jalal

2 Answers

1

These dangerous files (in general, any file can pose a threat) exploit a bug in a certain program or driver, usually via a buffer overflow. If your program uses that driver/helper/whatever, it can possibly lead to the virus being downloaded by proxy, even if your program is bug-free.

Femaref
  • Thanks for the answer! But is there any way to protect the client computer from these kinds of attacks, or is it the OS's or antivirus's responsibility? – Jalal Sep 05 '10 at 13:04
  • Fixing this is the duty of the producer that created the buggy software - the only thing you can do is user education: "don't play files from places you don't know" etc etc etc. – Femaref Sep 05 '10 at 13:24
1

With the media files, they generally attack (or exploit) the codec that runs them. Because of this, the exploit code will run with the same permissions as the user running your application - if the user is running your app as admin (or is just running as admin on non-UAC systems) then the exploit has full rights.

The rule is: never trust the input. If you run/execute external files (even via a linked library or embedded third party control) then you should avoid requiring that your app run as admin.

slugster
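For triage of a file like the one in the question: the `ASF_Script_Commands` item in the scanner message suggests an ASF container carrying a Script Command Object behind the .avi name. The following is an added example, not part of the original thread, that lists such commands from the header without playing the file. The GUIDs and field layout are taken from the ASF specification as an assumption of this example, and the sample bytes are constructed.

```python
import struct, uuid
# GUIDs from the ASF specification; stored on disk in mixed-endian form (bytes_le).
ASF_HEADER = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C").bytes_le
ASF_SCRIPT_COMMAND = uuid.UUID("1EFB1A30-0B62-11D0-A39B-00A0C90348F6").bytes_le

def _wstr(buf, off):  # WORD count of UTF-16 code units, then that many WCHARs
    (n,) = struct.unpack_from("<H", buf, off)
    end = off + 2 + 2 * n
    if end > len(buf):
        raise ValueError("string runs past end of object")
    return buf[off + 2:end].decode("utf-16-le", "replace").rstrip("\0"), end

def _parse(body):  # Script Command Object body -> [(type_name, command)]
    n_cmds, n_types = struct.unpack_from("<HH", body, 16)  # skip 16-byte reserved GUID
    off, types, out = 20, [], []
    for _ in range(n_types):
        name, off = _wstr(body, off)
        types.append(name)
    for _ in range(n_cmds):
        _time_ms, idx = struct.unpack_from("<IH", body, off)
        name, off = _wstr(body, off + 6)
        out.append((types[idx] if idx < len(types) else "?", name))
    return out

def script_commands(data):
    """Return script commands in an ASF header; [] if not ASF or none present."""
    if len(data) < 30 or data[:16] != ASF_HEADER:
        return []  # e.g. a genuine RIFF AVI
    hdr_size, count = struct.unpack_from("<QI", data, 16)
    end, off, found = min(hdr_size, len(data)), 30, []
    for _ in range(count):
        if off + 24 > end:
            break
        (size,) = struct.unpack_from("<Q", data, off + 16)
        if size < 24 or off + size > end:
            break  # declared size is inconsistent: stop rather than trust it
        if data[off:off + 16] == ASF_SCRIPT_COMMAND:
            try:
                found += _parse(data[off + 24:off + size])
            except (struct.error, ValueError):
                found.append(("malformed", ""))
        off += size
    return found

# Constructed sample: minimal ASF header with one script command.
_w = lambda s: struct.pack("<H", len(s)) + s.encode("utf-16-le")
_body = bytes(16) + struct.pack("<HH", 1, 1) + _w("URL") + bytes(6) + _w("http://example.invalid/")
_obj = ASF_SCRIPT_COMMAND + struct.pack("<Q", 24 + len(_body)) + _body
SAMPLE = ASF_HEADER + struct.pack("<QIBB", 30 + len(_obj), 1, 1, 2) + _obj
```

A non-empty result for a file named .avi is a mismatch worth quarantining for review, and a "malformed" entry means the object's internal lengths disagree with its declared size.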