Originally posted by: BrownTown
Well, I don't know anything about this, but certainnly AVI files aren't SUPPOSED to allow you to do such things, but it is always possible that windows had a flaw where you could trick it into letting you execute code.
It was a very well known security issue with windows media player.
Let's put it this way - if you accept any data, of any kind, in any way, wheter with or without your permission...code that you don't authorize can be run. Especially if you don't patch rigorously as soon as they are released.
scooby - look up "buffer overflow" or "remote code executiion".
To prevent look at the consolidated security thread in the Software forum.
-edit-
this is high tech forum so I'll try my best even though I'm not a programmer...
1) you receive data that you requested (or in a WORM, you never requested it) as a user.
2) this stream contains information in it to take advantage of a process that doesn't know what to do with the overflow of information that it has stored in a memory buffer. An unchecked buffer overflow.
3) processor's "what do I execute next" points to this code in memory. Remember a processor just says "what do I do next, where do I go, where did I come from, what is my next instruction" (stack)
4) this "bad" code is now in memory and the processor goes ahead and executes it
That's my best non-high tech explation. I'm sure lots of really smart people can put it better. But in the end, binary code, regardless of user privelages is executed because the "bad thing" occurs below the operating system by taking advantage of a bug in the operating system or application.
