Poisoned MP4 files threaten Winamp users | The Register

Skip to content

Security:

News Tools

Reg Shops

Top Stories

Read more top stories

Related Whitepapers

How IT Management Can "Green" the Data Center
A Gartner Report
What Every E-Business Should Know about SSL Security and Consumer Trust
A Verisign Business Guide
Gartner Paper: US Data Centers
The Calm Before the Storm
SSL in High-Security Browsers
The Browser Security Revolution
The Perfect (Virtual) Marriage
Deduplication and VMware
Solution Brief: Reduce Energy Costs
With Green IT Solutions

The Register » Security »

Poisoned MP4 files threaten Winamp users

Play it again, hacker

By John Leyden → More by this author

Published Wednesday 2nd May 2007 13:24 GMT

How IT Management Can "Green" the Data Center - Free Download

Hackers have crafted an exploit based on an unpatched vulnerability in Winamp, the popular media player package.

Security bugs within Winamp's MP4 decoding allow miscreants to slip malware onto the PCs of users running Winamp version 5.34.

The vulnerability has been coded into a script kiddie friendly exploit, however a number of mitigating factors make attacks based on the flaw difficult to carry out.

"After install Winamp is associated with .MP4 files. However, Winamp does not open .MP4 files embedded within websites," the SANS Institutes's Internet Storm Centre notes.

Miscreants would have to trick users into attempting to play a maliciously constructed MP4 file using Winamp for the trick to be successful. Users are advised to remove the association between .MP4 files and Winamp as a workaround until a vendor supplied patch is available. ®

Save money taking your comms online - Free live event - Register now

1 comment posted — Comment period finished

Fix won't work?

Posted: 14:30 2nd May 2007

Track this type of story as a custom Atom/RSS feed or by email.

Related stories

Winamp blighted by bug brace (21 January 2008)
IE + RealPlayer = Security hole (20 October 2007)
Apple patches security hole in QuickTime (2 May 2007)
QuickTime, not Safari, to blame for MacBook vuln (25 April 2007)
Safari zero-day exploit nets $10,000 prize (20 April 2007)
Microsoft zero-days said to target Office and Windows (11 April 2007)
Britney fears used as ANI exploit lure (5 April 2007)
MySpace-hosted malware exploits QuickTime flaw (16 March 2007)
The rise of zero-day patches (2 March 2007)
Winamp exploit poses hacker risk (31 January 2006)

Post to Slashdot

Add to del.icio.us

Previous Article

From small embedded OS to the world's most used open mobile OS

whitepaper title

How IT Management Can "Green" the Data Center

This Gartner research provides managers with an outline of the trends affecting datacenters and offers strategies with which to address these changes..

whitepaper title

Gartner Paper: US Data Centers

U.S. enterprise data centers face considerable space and energy constraints over the next few years. Download this free independent report to read more..

Whitepapers
The Evolving Security Landscape Server Consolidation and Containment Two Factor Authentication Making the Connection

How IT Management Can "Green" the Data Center

A Gartner Report

Download for free NOW

Top 20 stories • All The Week’s Headlines • Archive • Search