Flaw disclosed

Sep 13, 2007 13:28 GMT

A highly critical vulnerability (as ranked by Secunia) has been disclosed in Media Player 6.x. This particular vulnerability can be exploited by a malicious user to compromise a system with a flawed version installed.

According to Secunia, the vulnerability is caused by an input validation error when processing .AVI files and can be exploited to cause a buffer overflow via an .AVI file with a specially crafted "indx" chunk. Secunia adds that successful exploitation allows the execution of arbitrary code.

Media Player Classic 6.4.9.0 surely has this bug, but other versions may have it as well. There is no vendor patch and no update either. The only solution you can take into consideration is not opening untrusted .AVI files. Other than that, there's not much you can do. A hacker could get system access if you do open a dangerous .AVI file, so watch what you click on!

This vulnerability has been disclosed by Code Audit Labs and the original advisory has been posted on Vulnhunt. You may click here to read it; there's a lot of techie talk and I hope you can understand it!

Media Player Classic (MPC for short) is open source and its latest version even works on Vista. It's a "light-weight" player, being a good replacement for the media players provided by default with Windows. It is pretty good software and it's got a lot of great reviews. You may download it from our site by clicking on this link. It got an overall 4.3 out of 5 user rating on Softpedia, which means it's really worth it, but if you do install it, please be careful what you click on. Avoid shady .AVI files; they might just be the tools of a hacker!