A security vulnerability in the Windows XP shell could compromise user systems, letting attackers take over machines and run malicious code. The vulnerability affects all XP versions--XP Home Edition, XP Professional Edition (including the 64-bit version), XP Media Center Edition, and XP Tablet PC Edition--and takes advantage of an XP feature that lets the system extract information from audio files in MP3 and Windows Media Audio (WMA) formats.
"An unchecked buffer exists in one of the functions used by the Windows Shell to extract custom attribute information from audio files," a Microsoft security bulletin that describes the vulnerability reads. "A security vulnerability results because it is possible for a malicious user to mount a buffer overrun attack and attempt to exploit this flaw."
An attacker could use the vulnerability to create a bogus or compromised audio file that contains executable code that's accessible through the file's metadata information. A user can trigger the code by retrieving the file from a file-sharing service, through email, or from some other online location, then holding the cursor over the file in the Windows Explorer shell. Malicious code in the file could crash the shell or unleash an attack that creates, modifies, or deletes data; reconfigures the system; or reformats the hard disk. Although security researchers originally viewed this problem as a Windows Media Player (WMP) vulnerability, Microsoft says the vulnerability is in the XP shell, not in the player.
XP users who have enabled Auto Update are already protected against this vulnerability. Other XP users can download a fix from Windows Update. For more information and a downloadable version of the patch, visit the Microsoft Web site.