Codec flaws threaten Windows Media Player, Winamp

Share this article:

Updated, Dec. 10 at 5:22 p.m. EST

Researchers today began noticing increased activity on ports directed to media players, a strong indication that attackers are actively screening machines for a new codec vulnerability reported over the weekend.

The "highly critical" vulnerabilities, according to Secunia, are located in 3ivx Technologies' MPEG-4 codec, a required compatibility program used to create and play back MP4 files. The bugs are caused by boundary errors that can lead to stack-based buffer overflows via a maliciously crafted MP4 file.

Experts have seen proof-of-concept code impacting Windows Media Player 6.4, Media Player Classic 6.4.9 and Winamp 5.32 – all older versions of the popular multimedia applications. But other versions are likely vulnerable as well, Ben Greenbaum, senior research manager in Symantec Security Response, told SCMagazineUS.com today.

"We see people that are looking for machines that have already been exploited in this fashion or are trying to connect to machines that they think have been successfully exploited," he said.

Greenbaum said that attackers are opting to exploit bugs in media players and the plugins that increase their functionality as organizations and vendors get better at securing operating systems and applications.

"These attacks can be placed on trusted websites and immediately exposed to hundreds of thousands of potential victims," he said. "Lots of websites allow users to incorporate their own content. It's an easy way for attackers to get their exploit up to a site that's going to have a lot of eyes."

The goal of these attacks is usually to drop a secondary payload, such as a bot or trojan, he added.

As users await a patch, businesses should ensure they have policy in place that permits employees to connect to media players only for work purposes, Greenbaum said. In addition, organizations should be running an up-to-date anti-virus solution, an intrusion detection system and endpoint security management tools to help identify and remove vulnerable software.

A spokesperson for 3ivx, which would be responsible for the fix, did not return a request for comment. 

A spokesman for AOL, which owns Winamp, said users should update to the latest version.

"We encourage everyone to upgrade to [version] 5.5, which is actually not vulnerable to the attack," AOL spokesman Kurt Patat told SCMagazineUS.com today. "That's people's best bet if they want to avoid the vulnerability."

Mark Miller, director of security response for Microsoft, advised Windows Media Player users to do the same.

"The affected code does not ship in box with any version of Windows or Windows Media Player," he said.

 

 

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Beazley: employee errors root of most data breaches, but malware incidents cost ...

Insurance firm Beazley analyzed more than 1,500 data breaches it serviced between 2013 and 2014.

Apple issues seven updates, fixes more than 40 vulnerabilities in iOS 8, OS 10.9.5

Apple issues seven updates, fixes more than 40 ...

In one of its infrequent "Update Surprisedays," Apple plugged holes, boosted security and added features.

Canadian telecom co. Telus unveils first transparency report

The company received more than 100,000 government requests for customer data last year.