Hackers have unleashed a trojan that exploits recently
revealed vulnerabilities in Microsoft Windows Media Player,
security experts have warned.
The threat takes advantage of a Media Player plug-in with
non-Microsoft internet browsers buffer overflow vulnerability. The
plug-in is typically used with browsers such as Firefox and
Netscape.
Microsoft issued a patch for the vulnerability in its security
bulletin MS06-006, last week. It rated the fix “important” and
urged users to apply it “at the earliest opportunity”.
The exploits posted to the web could “contain payload that will
open a backdoor on the victim's machine”, according to a newly
discovered threat warning from McAfee Avert.
“Such exploit files could be executed with little user
intervention (such as visiting a website that hosted malicious
files), and the end result could be the silent installation of any
number of viruses, trojans, and potentially unwanted programs,” the
warning says.
News of the threat follows Microsoft’s admission that another
security patch released week - number MS06-007 – contained a fault
that meant some users would have to reinstall it to ensure they
were fully protected.