Media player dangers

Media players are a necessary part of today's digital entertainment world, but they also give crooks another entryway into your system. Cases in point: critical holes found in Adobe's Macromedia Flash Player and in Apple's QuickTime media player. A successful exploit of either bug could enable crackers to hit you with a drive-by malware download that you wouldn't soon be able to forget.

Bugged versions of Flash Player 4, 5 and 6 accompanied virtually every copy of Windows, from Windows 98 first edition on up through Windows XP SP2 (as described in Microsoft's Security Bulletin MS06-020). The only exceptions are Windows 2000, Windows XP Pro x64 and Windows Server 2003. According to Adobe, all versions prior to 8.0.22 are at risk.

Because of this vulnerability, if you simply view a poisoned Web site or e-mail message containing a doctored flash movie (.swf) file, the player will crash due to a buffer overflow, and the corrupted file can run any command its perpetrator wants it to: download spyware, erase files or what have you.

No attacks had been reported at press time, but don't take any chances. Update the Microsoft-redistributed versions via Automatic Updates, or get version 9 from the Cover Disc of the September 2006 issue of PC World Magazine or

QuickTime holes

Meanwhile, Apple has patched 12 critical holes in its own player with QuickTime 7.1 (for Windows and Mac OS). As with the Flash bugs, these vulnerabilities could cost you control of your PC if you view a poisoned media file in QuickTime, but in this case, a range of movie and image file types may be used, including JPEG, BMP, AVI, MPG and QuickTime movies. You can obtain more information and the patched version from, or install the QuickTime 7.1 player from the Cover Disc of the September 2006 issue of PC World Magazine.

Beware Word docs

Crooks have targeted a serious new hole in Microsoft Word, sending corrupted .doc files in e-mail attachments to invade vulnerable PCs. Some of the e-mail messages have subject lines like "Notice" and "RE Plan for final agreement". By the time you read this, Microsoft should have patched the vulnerability in Word XP and Word 2003, so the patch will be available via Automatic Updates. So far, the number of known attacks is small; but as always, be extra careful with e-mail attachments, even if they purport to be from someone you know. Learn more about the bug by going to and searching for "919637".

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Show Comments

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?