DISCLAIMER: Logging other people's keystrokes or breaking
into other people's computer without their permission can
be considered illegal by the courts of many countries.
The monitoring software reviewed here is ONLY for authorized
system administrators and/or owners of computers.
We assume no liability and are not responsible for any misuse
or damage caused by the keylogging software. The end user of
this software is obliged to obey all applicable local, state,
federal and other laws in his country of residence.
December 12th, 2007
Symantec Warns of Safety Risk in Media Players
Attack code threatens popular media players from Microsoft Corp. and AOL LLC, said a security expert who told Windows users to remove a buggy coder/decoder (codec) or disable the player programs.
In a Saturday alert, Symantec Corp. said exploit code had been released that attacked a vulnerability in a flawed MP4 codec produced by 3ivx Technologies Pty. Windows Media Player and Windows Media Player Classic, both from Microsoft, and Winamp Media Player, a popular alternative distributed by Nullsoft Inc, an AOL subsidiary, use the codec.
‘Exploitation of this vulnerability allows the attacker to run arbitrary code in the context of the media player,’ said Symantec analyst Raymond Ball in a note to customers of the company's DeepSight threat network.
The hacker who posted the code claimed that the exploit works against Windows Media Player 6.4, an older edition included with Windows 95, Windows 98 and Windows 2000, but Ball noted that because the codec is ‘fairly popular,’ other versions of Windows Media Player, as well as other player programs, may also be vulnerable. The hacker also tweaked the exploit to work against Winamp 5.32, but the current Winamp 5.5 is invulnerable to the attack.
An attack would likely be delivered via a malicious MP4 file, Ball said.
‘No patch is available for the vulnerability, making this a high-threat issue,’ Ball added. ‘To mitigate this issue until a patch is available, customers are advised to remove the MP4 codec until patches are available, disable media players that use the MP4 codec and be cautious while accessing e-mail, Web content and other means of distributing media files.’
Microsoft may be on the verge of patching the problem. Last Thursday, it announced that one of seven security updates scheduled for Tuesday will fix one or more unspecified flaws in Windows Media Player. It's unlikely that Microsoft will patch Version 6.4, however, since it has ended support for the operating systems using that version. But it will release a fix for Version 7.1, the edition included with Windows 2000 Service Pack 4, as well as for all later versions.
Source: PCWORLD
All news for December, 2008
All news for 2008 year
All news for 2007 year
All news for 2006 year
All news for 2005 year
All news for 2004 year
DONATION: Keylogger.org is an independent research
project supported by a team of enthusiasts. If you find this
project useful or would like to help foster its continued
development please consider making a donation using PayPal`s
online secure payment service. A PayPal account is not required.
All major credit cards are accepted (MasterCard/Eurocard,
Visa/Delta/Electron, American Express, Switch/Maestro, Solo).
Simply click the button below.
Any amount would be useful and appreciated!
Thanks in advance for your support!
|
