A number of threat experts are predicting an influx of malware diguised as media files in 2007. They cite the popularity of video-sharing Web sites (e.g., Youtube.com) and the increasing use of media files in social networking sites ( Myspace.com) as the prime movers in this coming trend. Here at the tail end of 2006, the release of the proof-of-concept (POC) Trojan TROJ_MPEXPL.A is starting to make this prediction a fact.
This Trojan takes advantage of a vulnerability found in the media player XMPlay v18.104.22.168. It arrives as a specially crafted ASX file, which when played on XMPlay causes a buffer overflow. The said overflow in turn, enables a remote user to execute any file — without the user’s knowledge — on the affected system.
Note that later versions of XMPlay have addressed this vulnerability.