[vlc] Malicious code in MP3 files: will VLC execute them?
Dotan Cohen
dotancohen at gmail.com
Wed Jun 15 09:06:40 CEST 2011
I am a Linux user so I'm not up to date about current Windows threats.
The wife just got a Windows 7 laptop and she wants to play MP3 files
from her friends. I am worried about opening files from
likely-infected machines (I myself have seen how bad these friends'
computers are) on her Windows machine. If there exist malicious code
in MP3 files from the other computers, might VLC run it? I understand
that malicious code could be injected into MP3 tags and that QuickTime
does in fact execute it.
On the same note, how does one scan for malicious software the USB key
used to transfer the files? Once it's connected I don't need some
auto-garbage loading executable code from the drive. Should I run it
through ClamAV on the Linux computer first? That is a hassle as the
Linux machine is not a laptop.
Thanks.
--
Dotan Cohen
http://gibberish.co.il
http://what-is-what.com
More information about the vlc
mailing list