Hackers have unleashed a trojan that exploits recently revealed vulnerabilities in Microsoft Windows Media Player, security experts have warned.
The threat takes advantage of a Media Player plug-in with non-Microsoft internet browsers buffer overflow vulnerability. The plug-in is typically used with browsers such as Firefox and Netscape.
Microsoft issued a patch for the vulnerability in its security bulletin MS06-006, last week. It rated the fix “important” and urged users to apply it “at the earliest opportunity”.
The exploits posted to the web could “contain payload that will open a backdoor on the victim's machine”, according to a newly discovered threat warning from McAfee Avert.
“Such exploit files could be executed with little user intervention (such as visiting a website that hosted malicious files), and the end result could be the silent installation of any number of viruses, trojans, and potentially unwanted programs,” the warning says.
News of the threat follows Microsoft’s admission that another security patch released week - number MS06-007 – contained a fault that meant some users would have to reinstall it to ensure they were fully protected.