Media player dangers

Media players are a necessary part of today's digital entertainment world, but they also give crooks another entryway into your system. Cases in point: critical holes found in Adobe's Macromedia Flash Player and in Apple's QuickTime media player. A successful exploit of either bug could enable crackers to hit you with a drive-by malware download that you wouldn't soon be able to forget.

Bugged versions of Flash Player 4, 5 and 6 accompanied virtually every copy of Windows, from Windows 98 first edition on up through Windows XP SP2 (as described in Microsoft's Security Bulletin MS06-020). The only exceptions are Windows 2000, Windows XP Pro x64 and Windows Server 2003. According to Adobe, all versions prior to 8.0.22 are at risk.

Because of this vulnerability, if you simply view a poisoned Web site or e-mail message containing a doctored flash movie (.swf) file, the player will crash due to a buffer overflow, and the corrupted file can run any command its perpetrator wants it to: download spyware, erase files or what have you.

No attacks had been reported at press time, but don't take any chances. Update the Microsoft-redistributed versions via Automatic Updates, or get version 9 from the Cover Disc of the September 2006 issue of PC World Magazine or www.adobe.com/downloads.

QuickTime holes

Meanwhile, Apple has patched 12 critical holes in its own player with QuickTime 7.1 (for Windows and Mac OS). As with the Flash bugs, these vulnerabilities could cost you control of your PC if you view a poisoned media file in QuickTime, but in this case, a range of movie and image file types may be used, including JPEG, BMP, AVI, MPG and QuickTime movies. You can obtain more information and the patched version from www.apple.com, or install the QuickTime 7.1 player from the Cover Disc of the September 2006 issue of PC World Magazine.

Beware Word docs

Crooks have targeted a serious new hole in Microsoft Word, sending corrupted .doc files in e-mail attachments to invade vulnerable PCs. Some of the e-mail messages have subject lines like "Notice" and "RE Plan for final agreement". By the time you read this, Microsoft should have patched the vulnerability in Word XP and Word 2003, so the patch will be available via Automatic Updates. So far, the number of known attacks is small; but as always, be extra careful with e-mail attachments, even if they purport to be from someone you know. Learn more about the bug by going to www.microsoft.com and searching for "919637".

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Show Comments

Brand Post

Bitdefender 2019

Taking cybersecurity to the highest level and order now for a special discount on the world’s most awarded and trusted cybersecurity. Be aware without a care!

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?