
December 10, 2007

Security researchers warn users about media player security risk

By Ruben Francia





Just days after attack code was released for the MPEG-4 codec vulnerability, security researchers have noted an increase in activity on ports directed to media players, which could mean that attackers are actively scanning for vulnerable machines.

The MPEG-4 codec by 3ivx Technologies is a compatibility program used to create and play back MP4 files in Windows Media Player and Windows Media Player Classic, both from Microsoft, and Winamp Media Player from AOL.

Secunia has described the vulnerability as highly critical. The bugs are caused by boundary errors that can lead to stack-based buffer overflows via a maliciously crafted MP4 file, SC Magazine writes.

“The exploit works by supplying victims with a maliciously formed MP4 file,” Symantec analyst Raymond Ball said in a post on the company’s DeepSight threat network. “When a victim unknowingly clicks a link that appears safe, the MP4 content is delivered, causing the exploit to run.”

“No patch is available for the vulnerability, making this a high-threat issue,” Ball said. He advises users not to click any suspicious links in browsers and email programs. He also recommends removing the MP4 codec or disabling media players that use the MP4 codec until the hole is plugged, PC World writes.

While Microsoft announced that one of seven security updates scheduled for Tuesday will address flaws in Windows Media Player, it is unclear whether the security updates will resolve this particular flaw.

AOL, for its part, is encouraging users to upgrade to Winamp version 5.5, which is not vulnerable to the attack.




