-
March 19th, 2008, 04:57 PM
#1
VLC Vulnerability
VLC Player Vulnerable to Remote Hijack - TorrentFreak
This caught my eye because it's my favorite, low-impact play-anything media player.
The problem occurs when someone loads a subtitle file, which causes a buffer overflow that can be exploited. The security flaw is platform independent, which means it affects Windows, Mac and Linux users.
Initially it was reported that the flaws in version 0.8.6d were fixed in the latest release, but this turns out not to be the case. Auriemma writes: “The old buffer-overflow in the subtitles handled by VLC has not been fully patched in version 0.8.6e.”
- via gHacks
-
March 19th, 2008, 09:19 PM
#2
hmm... I have never heard of VLC... probably because I am never in the need for a media player! From the article it looks to be pretty good, but I don't use BitTorrents...
interesting vulnerability
-
March 19th, 2008, 09:25 PM
#3
Yeah, VLC is a barebones yet very capable player. It's not pretty, but it beats the pants off the mess that is Windows Media Player.
-
March 19th, 2008, 09:32 PM
#4
I fail to see how this can be exploited remotely?
The problem occurs when someone loads a subtitle file, which causes a buffer overflow that can be exploited. The security flaw is platform independent, which means it affects Windows, Mac and Linux users.
Unless a malicious file is run... how is this going to work? Do people hook VLC into their browsers or what?
-
March 19th, 2008, 10:45 PM
#5
I think it can be used to view video streams as well as function as a streaming server.
http://www.videolan.org/vlc/features.html
Not a huge video expert here, so someone else will have to fill in the blanks...
-
March 20th, 2008, 02:32 AM
#6
Ouch - I use VLC for playing .avi files on my Mac!
-
March 20th, 2008, 03:02 PM
#7
Hmm, I use VLC for everything. How can you not have heard of VLC :P
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
Albert Einstein
-
March 20th, 2008, 03:24 PM
#8
Originally Posted by Soda_Popinsky
I fail to see how this can be exploited remotely?
Unless a malicious file is run... how is this going to work? Do people hook VLC into their browsers or what?
The attack vector requires very specific conditions, none of which apply to you as an average user.
--TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
March 20th, 2008, 06:54 PM
#9
none of which apply to you as an average user.
Burn!!!
-
March 20th, 2008, 08:15 PM
#10
LOL.
Soda, "you" was not implied literally to you.