Channel Register

Poisoned MP4 files threaten Winamp users

Play it again, hacker

Free whitepaper – Essential archive requirements for eDiscovery

Hackers have crafted an exploit based on an unpatched vulnerability in Winamp, the popular media player package.

Security bugs within Winamp's MP4 decoding allow miscreants to slip malware onto the PCs of users running Winamp version 5.34.

The vulnerability has been coded into a script kiddie friendly exploit, however a number of mitigating factors make attacks based on the flaw difficult to carry out.

"After install Winamp is associated with .MP4 files. However, Winamp does not open .MP4 files embedded within websites," the SANS Institutes's Internet Storm Centre notes.

Miscreants would have to trick users into attempting to play a maliciously constructed MP4 file using Winamp for the trick to be successful. Users are advised to remove the association between .MP4 files and Winamp as a workaround until a vendor supplied patch is available. ®

Free whitepaper – Five essential considerations for Exchange 2007 implementations

Don’t Miss

Pirates ahoy!Sign up, sign up for The Register IT security newsletter

Narrowcasting for the email classes

SunFormer top Sun exec mourns end of a franchise

Watermelons, Elton John, and killing SGI

HTC Touch Diamond 2Win an HTC Touch Diamond2!

Reg Lucky Draw Last call for iPhone botherer promo

thumbs down teaser 75Disties braced for autumn reseller collapses

Is that why they call it fall?