VLC Vulnerability
Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: VLC Vulnerability

  1. #1
    Senior Member phernandez's Avatar
    Join Date
    Aug 2003
    Location
    NYC
    Posts
    246

    VLC Vulnerability

    VLC Player Vulnerable to Remote Hijack - TorrentFreak

    This caught my eye because it's my favorite, low-impact play-anything media player.

    The problem occurs when a someone loads a subtitle file, which causes a buffer overflow that can be exploited. The security flaw is platform independent, which means it affects Windows, Mac and Linux users.

    Initially it was reported that the flaws in version 0.8.6d were fixed in the latest release, but this turns out not to be the case. Auriemma writes: “The old buffer-overflow in the subtitles handled by VLC has not been fully patched in version 0.8.6e.”
    - via gHacks

  2. #2
    Senior Member
    Join Date
    Oct 2007
    Location
    do a whois search on my ip...
    Posts
    268
    hmm... I have never heard of VLC... probably because I am never in the need for a media player! From the article it looks to be pretty good, but I don't use BitTorrents...

    interesting vulnerability

  3. #3
    Senior Member phernandez's Avatar
    Join Date
    Aug 2003
    Location
    NYC
    Posts
    246
    Yeah, VLC is a barebones yet very capable player. It's not pretty, but it beats the pants off the mess that is Windows Media Player.

  4. #4
    I fail to see how this can be exploited remotely?

    The problem occurs when a someone loads a subtitle file, which causes a buffer overflow that can be exploited. The security flaw is platform independent, which means it affects Windows, Mac and Linux users.
    Unless a malicious file is run... how is this going to work? To people hook VLC into their browsers or what?

  5. #5
    Senior Member phernandez's Avatar
    Join Date
    Aug 2003
    Location
    NYC
    Posts
    246
    I think it can be used to view video streams as well as function as a streaming server.

    http://www.videolan.org/vlc/features.html

    Not a huge video expert here, so someone else will have to fill in the blanks...

  6. #6
    Ouch - I use VLC for playing .avi files on my Mac!

  7. #7
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Hmm I use VLC for everything. How can you not heard of VLC :P
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  8. #8
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    Quote Originally Posted by Soda_Popinsky
    I fail to see how this can be exploited remotely?



    Unless a malicious file is run... how is this going to work? To people hook VLC into their browsers or what?
    The attack vector requires very specific conditions, none of which apply to you as an average user.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  9. #9
    none of which apply to you as an average user.
    Burn!!!

  10. #10
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    LOL.

    Soda, "you" was not implied literally to you.

    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

Similar Threads

  1. Browser Security Test
    By therenegade in forum Web Security
    Replies: 13
    Last Post: April 1st, 2005, 09:03 AM
  2. October MS updates
    By mohaughn in forum Microsoft Security Discussions
    Replies: 2
    Last Post: October 13th, 2004, 05:31 AM
  3. Securing Windows 2000 and IIS
    By spools.exe in forum Microsoft Security Discussions
    Replies: 0
    Last Post: September 15th, 2003, 10:47 PM
  4. NEWS: SANS Critical Vulnerability Report
    By xmaddness in forum Miscellaneous Security Discussions
    Replies: 0
    Last Post: January 28th, 2003, 09:12 PM
  5. IIS Patch announcement
    By souleman in forum Microsoft Security Discussions
    Replies: 5
    Last Post: April 12th, 2002, 12:39 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •