VLC Media Player Vulnerable to Attack

Status
Not open for further replies.

slugger

Banned
just came across this piece of NEWS
A flaw in the widely-used open-source VLC media player could allow an attacker to execute harmful code on a PC.

The problem stems from a buffer overflow that can occur when the player processes subtitle files used for movies, according to a security advisory.


The vulnerability existed before VLC was upgraded to version 0.8.6e in late February, but the bug appears to have escaped the last round of patches, wrote Luigi Auriemma in a note.

"The funny thing is that my old proof-of-concept was built just to test this specific buffer overflow, and in fact it works on the new VLC version too without modifications," Auriemma wrote.

Video files can contain a link to a separate subtitle file, which VLC automatically loads when it plays the video. An attacker could use the buffer overflow flaw in VLC to execute malicious code contained in a subtitle file, and thus tamper with a PC. The flaw affects VLC players running on Windows, Mac, BSD and possibly more operating systems, Auriemma wrote.

The VLC media player is part of the VideoLAN project. The player is free, and it is released under the GNU General Public License. VLC can also be used as a streaming media server for a variety of platforms.

SOURCE
 

pushkaraj

In the zone
Nice info, thanks. I hav installed vlc but use it only when k-lite is unable to play a file......And that rarely happens :)
 
OP
slugger

slugger

Banned
simple soln till no patches realeased

learn the language b4 u watch the movie :D [instead of the other way round]

your chance at becoming a linguist :rolleyes:
 

ring_wraith

=--=l33t=--=
There is really no cause for alarm, as long as you get the .subs file from a verified trusted source.

If you are wary, just don't use subs.
 
Status
Not open for further replies.
Top Bottom