Media player dangers

Media players are a necessary part of today's digital entertainment world, but they also give crooks another entryway into your system. Cases in point: critical holes found in Adobe's Macromedia Flash Player and in Apple's QuickTime media player. A successful exploit of either bug could enable crackers to hit you with a drive-by malware download that you wouldn't soon be able to forget.

Bugged versions of Flash Player 4, 5 and 6 accompanied virtually every copy of Windows, from Windows 98 first edition on up through Windows XP SP2 (as described in Microsoft's Security Bulletin MS06-020). The only exceptions are Windows 2000, Windows XP Pro x64 and Windows Server 2003. According to Adobe, all versions prior to 8.0.22 are at risk.

Because of this vulnerability, if you simply view a poisoned Web site or e-mail message containing a doctored flash movie (.swf) file, the player will crash due to a buffer overflow, and the corrupted file can run any command its perpetrator wants it to: download spyware, erase files or what have you.

No attacks had been reported at press time, but don't take any chances. Update the Microsoft-redistributed versions via Automatic Updates, or get version 9 from the Cover Disc of the September 2006 issue of PC World Magazine or www.adobe.com/downloads.

QuickTime holes

Meanwhile, Apple has patched 12 critical holes in its own player with QuickTime 7.1 (for Windows and Mac OS). As with the Flash bugs, these vulnerabilities could cost you control of your PC if you view a poisoned media file in QuickTime, but in this case, a range of movie and image file types may be used, including JPEG, BMP, AVI, MPG and QuickTime movies. You can obtain more information and the patched version from www.apple.com, or install the QuickTime 7.1 player from the Cover Disc of the September 2006 issue of PC World Magazine.

Beware Word docs

Crooks have targeted a serious new hole in Microsoft Word, sending corrupted .doc files in e-mail attachments to invade vulnerable PCs. Some of the e-mail messages have subject lines like "Notice" and "RE Plan for final agreement". By the time you read this, Microsoft should have patched the vulnerability in Word XP and Word 2003, so the patch will be available via Automatic Updates. So far, the number of known attacks is small; but as always, be extra careful with e-mail attachments, even if they purport to be from someone you know. Learn more about the bug by going to www.microsoft.com and searching for "919637".

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?