Three of the vulnerabilities can launch malicious code that allows an attacker to snoop on users. The other vulnerability is a DOS attack that will only work in a few cases and crash the media player when it tries to open a file.

Thomas Kristensen

Allows Code Launch Malicious Snoop Three Users Vulnerabilities Vulnerability

Related Quotes

Vendors can take months to create patches, and sometimes users grumble about that, ... But the alternative is to have patches that can be circumvented or aren't appropriate for the vulnerability. It's a difficult balance.

— Thomas Kristensen

AlternativeCreateGrumble

Vendors can take months to create patches, and sometimes users grumble about that. But the alternative is to have patches that can be circumvented or aren't appropriate for the vulnerability. It's a difficult balance.

— Thomas Kristensen

AlternativeCreateGrumble

We aren't aware of any systems that have been compromised yet, but it's likely to happen since there's exploit code out.

— Thomas Kristensen

AwareCodeCompromised

Chat is a conduit for distribution of malicious code. It's a way to distribute Trojans, and, in addition, users who don't know how to hide their IP address will reveal it during chat. On the Internet, chat is risky business.

— Chris Rouland

AdditionChatCode

There needs to be a better assessment of what the vulnerabilities are and what constitutes vulnerability.

— William Ramsay

AssessmentConstitutesNeeds