But protection is on the way, as 3ivx told SCMagazineUS.com today in an email that the company plans to issue a software update later this week. A company spokeswoman said the vulnerability is actually in the MP4 file format reader, not the MPEG-4 codec.
"The specific vulnerability is when MP4 or M4A file metadata (Artist, Album, Title, etc.) data is larger than expected, thus causing a buffer overflow," she said. "The problem with the various attacks available is they require a specific version of an MPEG-4 filter to be installed, and a specific player to be used to play the crafted MP4. Interestingly, if this were to become a serious problem for video content portals, it would be possible to scan content for invalid metadata before making the content available to the public. A little bit like virus scanning."
Don't let it come to that. Make sure you upgrade to the 5.0.2 release.