Can FLAC be used to run Malicious Code?

2012-04-20 13:49:57

Ok, so firstly I'd like to start off by saying that all FLAC files in question are coming from an external source. However, they are being used to replace an extensively damaged, legally owned disk, so please, please, please don't give me all that DMCA stuff. I like to buy my music.

Secondly I'll say that I'm exactly new to computers, and I realise that this at first sounds like kind of a trivial question, so I apologise for that.

Basically I have some FLAC files that Microsoft Security Essentials has picked up as trojans, before I even did anything with the files, so they are currently sitting dormant. Normally I would say that they are false positives thrown up by MSE's heuristics, except that they are Trojan:JS/Pdfjsc.Y and Exploit:JS/Neosplit.A, in two separate files.

I understand that in order for the files to actually do anything, they have to be run as executable code, which, in theory, is impossible for a FLAC file. But are there any known exploits in older FLAC decoders that could possibly allow a trojan to run itself (i.e., a buffer overrun or something like the Windows picture viewer TIFF exploit)? If not, why would a FLAC file have a virus attached anyway? Or has the original owner allowed a rather stupidly coded trojan to arbitrarily infect the files, because it can?

I should probably just bite the bullet, open them, and have foobar tell me that they're both corrupted, but I'm ultra paranoid about these things. Is it worth creating a throwaway virtual machine just to see what happens?

Thanks.
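An added example, not part of the original post: one way to look inside a flagged file without handing it to a decoder is to walk the FLAC metadata block headers and check each block for script or PDF markers, which is the kind of content the JS/ detection names point to. The function name `inspect_flac`, the marker list and the sample bytes are assumptions constructed for illustration.

```python
# FLAC metadata block type names from the FLAC format specification.
BLOCK_TYPES = {0: "STREAMINFO", 1: "PADDING", 2: "APPLICATION", 3: "SEEKTABLE",
               4: "VORBIS_COMMENT", 5: "CUESHEET", 6: "PICTURE"}
# Assumed, illustrative byte patterns that should not appear in audio metadata.
MARKERS = [b"%PDF", b"<script", b"eval(", b"unescape("]

def inspect_flac(data: bytes):
    """Walk the metadata block headers without decoding any audio.
    Returns (blocks, findings); blocks is a list of (type_name, length)."""
    if data[:4] != b"fLaC":
        return [], ["missing fLaC magic: not a native FLAC stream"]
    blocks, findings, pos, last = [], [], 4, False
    while not last:
        if pos + 4 > len(data):
            findings.append("truncated metadata block header")
            break
        header = data[pos]
        last = bool(header & 0x80)        # high bit marks the final metadata block
        btype = header & 0x7F             # low 7 bits are the block type
        length = int.from_bytes(data[pos + 1:pos + 4], "big")
        body = data[pos + 4:pos + 4 + length]
        name = BLOCK_TYPES.get(btype, f"UNKNOWN({btype})")
        blocks.append((name, length))
        if len(body) < length:            # length field lies about the data present
            findings.append(f"{name}: declared length {length} runs past end of file")
            break
        for marker in MARKERS:
            if marker in body:
                findings.append(f"{name}: contains {marker!r}")
        pos += 4 + length
    if blocks and blocks[0] != ("STREAMINFO", 34):
        findings.append("first block is not a 34-byte STREAMINFO")
    return blocks, findings

def _block(btype: int, body: bytes, last: bool = False) -> bytes:
    """Build one metadata block (header + body) for the constructed samples."""
    return bytes([btype | (0x80 if last else 0)]) + len(body).to_bytes(3, "big") + body

# Constructed samples: a clean header and one with script text in a comment block.
CLEAN = b"fLaC" + _block(0, bytes(34), last=True)
SUSPECT = (b"fLaC" + _block(0, bytes(34))
           + _block(4, b"title=x <script>eval(1)</script>", last=True))

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(label, *inspect_flac(sample), sep="\n  ")
```

The check reads bytes only and never calls an audio decoder, so it can run on the host before deciding whether a throwaway virtual machine is needed.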