Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Security / Advisories

Advisories

Media Player Classic Can Get Your Computer Compromised!

Flaw disclosed

By Alexandru Dumitru, Security News Editor

13th of September 2007, 13:28 GMT

Adjust text size:



Enlarge picture
A highly critical vulnerability (as ranked by Secunia) has been disclosed in Media Player 6.x. This particular vulnerability can be exploited by a malicious user to compromise a system with a flawed version installed.

As
seen on Secunia, the vulnerability is caused due to an input validation error when processing .AVI files and can be exploited to cause a buffer overflow via a .AVI file with a specially crafted "indx" chunk. The same site informs that successful exploitation will allow the execution of arbitrary code.

Media Player Classic 6.4.9.0 surely has this bug, but other versions may have it as well. There is no vendor patch release and no update either. The only solution that you may take into consideration is not opening untrusted .AVI files. Other than that, there's not much you can do. A hacker could get system access if you do open a dangerous .AVi file, so watch what you click on!

This vulnerability has been disclosed by Code Audit Labs and the original advisory has been posted on Vulnhunt. You may click here to read it, there's a lot of techie talk and I hope you can understand it!

Media Player Classic (MPC for short) is open source and its latest version even works on Vista. It's a "light-weight" player, being a good replacement for the media players provided by default with Windows. It is pretty good software and it's got a lot of great reviews. You may download it from our site by clicking on this link It got an overall 4.3 out of 5 user rating on Softpedia, which means it's really worth it, but if you do install it, please be careful what you click on. Avoid shady .AVI files, they might just be the tools of a hacker!

TAGS:

 media player classic | vulnerability | system compromised | hack


Rating:
Fair (2.7/5) 7 vote(s) so far    

Read by 745 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Media Player Classic Wins the Softpedia User's Choice Award

One of the First Portable Media Players with GPS Functions

Hands Off the New Digital Cubed M43 Portable Media Player

Media Player Classic or How to Watch a Movie While Being Hacked

Microsoft Is Mute to the New Apple iPod Nano, Classic, Touch and iPhone Price

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive