Security researchers are warning that popular media players offered by Microsoft and AOL are vulnerable to attacks that can completely compromise a user"s PC. Attack code has already been released for the bug, which has been confirmed in a codec used by older versions of Windows Media Player, made by Microsoft, and in AOL"s Winamp. A Symantec researcher has warned that users of other players may also be at risk because the vulnerability itself resides in a commonly used MP4 codec produced by a company called 3ivx Technologies.
"The exploit works by supplying victims with a maliciously formed MP4 file," Raymond Ball wrote for Symantec"s DeepSight Threat Management System. "When a victim unknowingly clicks a link that appears safe, the MP4 content is delivered, causing the exploit to run."