Can *.avi or other media file contain any dangerous script or code?
I saw following message in Microsoft Security Essentials:
Category: Trojan Downloader
Description: This program is dangerous and downloads other programs.
Recommendation: Remove this software immediately.
Items:
containerfile:C:\Users\...\amediafilename.avi
file:C:\Users\...\amediafilename.avi->(ASF_Script_Commands)
On
With the media files, they generally attack (or exploit) the codec that runs them. Because of this, the exploit code will run with the same permissions as the user running your application - if the user is running your app as admin (or is just running as admin on non UAC systems) then the exploit has full rights.
The rule is: never trust the input. If you run/execute external files (even via a linked library or embedded third party control) then you should avoid requiring that your app run as admin.
These dangerous files (in general, any file can pose a treat) exploit a bug in a certain program or driver, usually via a buffer overflow. If your program uses that driver/helper/whatever, it can possibly lead to the virus being downloaded by proxy, even if your program is bug-free.