Codec Flaw Wreaks Havoc for Media Players
Researchers on December 11, 2007 began observing heightened activity on ports dedicated to media players, sending a strong signal that cyber attackers are on an overdrive, screening computers for a flawed codec, after information about it was released in the second week of December 2007.
On December 8, Symantec Corp. alerted that the exploit code for the flawed MP4 codec has been released. 3ivx Technologies Pty produces the MP4 codec. A compatibility program, MPEG-4 codec is meant to play back and create MP4 files in Microsoft's Windows Media Player Classic and Windows Media Player, and AOL's Winamp Media Player.
Secunia also categorized the vulnerability under the 'highly critical' group. The bugs are generated through boundary errors which can cause stack-based buffer overflows, with the help of a maliciously designed MP4 file, as published by Tech.Blorge on December 10, 2007.
Symantec analyst Raymond Ball notified to customers of the company's DeepSight threat network that the malicious exploit of the faulty codec allows the hacker to run random codes in the media player, as per news published by PCWorld on December 10, 2007.
Industry experts have witnessed proof-of-concept code affecting Windows Media Player Classic 6.4.9, Windows Media Player 6.4, and Winamp 5.32, which are all older versions of the widespread multimedia players. But newer versions are just as vulnerable as well, informed Ben Greenbaum, Senior Research Manager at Symantec Security Response, as told to SCMagazineUS and published on December 11, 2007.
Greenbaum said that attackers choose to use bugs in media players and plug-ins meant to increase their utility. He added that these attacks can use trusted websites as the platform to quickly reach a massive number of potential victims. Large numbers of websites allow users to upload their own content. This is an easy route for attackers to upload their exploit which can then spread in all directions.
Ball said in a statement that no patch program is yet available for the vulnerability, making it a high-threat case, as published by PCWorld on December 10, 2007. However, Microsoft seems to have made lead in the path of patching the problem.
» SPAMfighter News - 22-12-2007