Codec flaws threaten Windows Media Player, Winamp

Updated, Dec. 10 at 5:22 p.m. EST

Researchers today began noticing increased port activity directed at media players, a strong indication that attackers are actively screening machines for a new codec vulnerability reported over the weekend.

The "highly critical" vulnerabilities, according to Secunia, are located in 3ivx Technologies' MPEG-4 codec, a required compatibility program used to create and play back MP4 files. The bugs are caused by boundary errors that can lead to stack-based buffer overflows via a maliciously crafted MP4 file.

Experts have seen proof-of-concept code impacting Windows Media Player 6.4, Media Player Classic 6.4.9 and Winamp 5.32 – all older versions of the popular multimedia applications. But other versions are likely vulnerable as well, Ben Greenbaum, senior research manager in Symantec Security Response, told SCMagazineUS.com today.

"We see people that are looking for machines that have already been exploited in this fashion or are trying to connect to machines that they think have been successfully exploited," he said.

Greenbaum said that attackers are opting to exploit bugs in media players and the plugins that increase their functionality as organizations and vendors get better at securing operating systems and applications.

"These attacks can be placed on trusted websites and immediately exposed to hundreds of thousands of potential victims," he said. "Lots of websites allow users to incorporate their own content. It's an easy way for attackers to get their exploit up to a site that's going to have a lot of eyes."

The goal of these attacks is usually to drop a secondary payload, such as a bot or trojan, he added.

As users await a patch, businesses should ensure they have policy in place that permits employees to connect to media players only for work purposes, Greenbaum said. In addition, organizations should be running an up-to-date anti-virus solution, an intrusion detection system and endpoint security management tools to help identify and remove vulnerable software.

A spokesperson for 3ivx, which would be responsible for the fix, did not return a request for comment. 

A spokesman for AOL, which owns Winamp, said users should update to the latest version.

"We encourage everyone to upgrade to [version] 5.5, which is actually not vulnerable to the attack," AOL spokesman Kurt Patat told SCMagazineUS.com today. "That's people's best bet if they want to avoid the vulnerability."

Mark Miller, director of security response for Microsoft, advised Windows Media Player users to do the same.

"The affected code does not ship in box with any version of Windows or Windows Media Player," he said.

 

 
