Silent Patchday ahead – but multiple Media Player issues

Microsoft plans to release only one Security Bulletin next Tuesday, the first Patchday of the new year. The problem it fixes is rated critical for Windows 2000, XP and Windows Server 2003; for Vista and Windows Server 2008, Microsoft rates it “moderate”.

In the last few days, numerous critical flaws have been found in several media players for Windows. Manipulated media files can trigger buffer overflows and thereby inject malicious code, such as a trojan. Proof-of-concept exploit code is publicly available for GOM Player, VUPlayer 2.49, CoolPlayer build 219, Rosoft Media Player 4.2.1, Destiny Media Player 1.61, WinAmp GEN_MSN Plugin and the audio editor Audacity 1.6.2 (and earlier versions of these programs). Users of this software should look out for an update from the respective vendor or developer group. Until updates are available, they shouldn’t play content downloaded from the internet with these media players.

Dirk Knop
Technical Editor