The Channel logo


By | John Leyden 2nd May 2007 13:24

Poisoned MP4 files threaten Winamp users

Play it again, hacker

Hackers have crafted an exploit based on an unpatched vulnerability in Winamp, the popular media player package.

Security bugs within Winamp's MP4 decoding allow miscreants to slip malware onto the PCs of users running Winamp version 5.34.

The vulnerability has been coded into a script kiddie friendly exploit, however a number of mitigating factors make attacks based on the flaw difficult to carry out.

"After install Winamp is associated with .MP4 files. However, Winamp does not open .MP4 files embedded within websites," the SANS Institutes's Internet Storm Centre notes.

Miscreants would have to trick users into attempting to play a maliciously constructed MP4 file using Winamp for the trick to be successful. Users are advised to remove the association between .MP4 files and Winamp as a workaround until a vendor supplied patch is available. ®

comment icon Read 1 comment on this article alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe