Well, that didn't take long. Vista has a vulnerability which allow an mp3 to delete files.
Essentially Vista has voice recognition, and if switched on then a sound file could be used to tell the PC to delete files.
The concept has been proven already.
Don't worry though as Microsoft 'has pointed out that in order for the flaw to be exploited the speech recognition feature would need to be activated and configured and both microphone and speakers would have to be switched on.'
That's all right then. Nobody using voice recognition would possibly have a microphone plugged in and the speakers on. Unthinkable!
'Microsoft has said that even if the machine was primed to accept voice commands it would be unlikely the user would not be in the room to hear the file with malicious instructions being played.'
Yeah, I've never got up from my PC to make a cup of tea. Never.
So, whilst it won't affect all installations, it will affect those actually using speech recognition - but that's okay as the user will always be alert enough to act instantly before any damage is done.
Hardly the most secure thing ever, is it?
What's the problem with having a speech recognition system which some user changeable code word (or button push) which must be activated before accepting commands?
For example, we could give our computers a name, 'Fred... please delete the harddrive'. It makes the mp3 attack much harder!