VLC Player Vulnerable to Remote Hijack

Talk about and discuss various advancements and achievements in the arts and sciences of invention and modification; computers, sciences, mathematics, and technology for all.
hotheat
Posts: 30897
Joined: Tue May 16, 2006 6:37 pm

VLC Player Vulnerable to Remote Hijack

#1

Post by hotheat »

VLC Player Vulnerable to Remote Hijack

VLC Player, one of the best and most widely used media players, has been found to be vulnerable to a remote hijack. The reported vulnerability makes it possible for a malicious user to run arbitrary code, potentially taking remote control of the host machine.

VLC is a popular media player among BitTorrent users, not just because it is free, but also because it includes a huge number of video codecs, so it can play virtually every video file available.

Unfortunately, the latest versions of VLC have a security flaw according to a report from Luigi Auriemma. The vulnerability can be exploited to compromise a user’s system, as it leaves it wide open for a malicious user to run arbitrary code.

The problem occurs when someone loads a subtitle file, which causes a buffer overflow that can be exploited. The security flaw is platform independent, which means it affects Windows, Mac and Linux users.

Initially it was reported that the flaws in version 0.8.6d were fixed in the latest release, but this turns out not to be the case. Auriemma writes: “The old buffer-overflow in the subtitles handled by VLC has not been fully patched in version 0.8.6e.”

“The funny thing is that my old proof-of-concept was built just to test this specific buffer-overflow and in fact it works on the new VLC version too without modifications,” he adds.

For now, the only solutions are not to run any subtitle files, or to grab one of the nightly builds. The downside is, however, that these might not be as stable as the regular releases.

from: -http://torrentfreak.com/vlc-player-vuln ... ck-080318/

Sir Jig-A-Lot
Posts: 9571
Joined: Sat Jun 23, 2007 3:21 am

Re: VLC Player Vulnerable to Remote Hijack

#2

Post by Sir Jig-A-Lot »

Thanx 4 that info, hotheat. Glad I haven't upgraded my version for years. :)
ALL MY BITCHEZ LUH ME

AYHJA
392
Posts: 37990
Joined: Fri Sep 17, 2004 2:25 pm
Location: Washington, D.C.
Contact:

Re: VLC Player Vulnerable to Remote Hijack

#3

Post by AYHJA »

I never really used VLC, MPC always seemed better, and definitely has more options...

cs_cdkey4
Dodgy
Posts: 1096
Joined: Mon Dec 12, 2005 7:54 am

Re: VLC Player Vulnerable to Remote Hijack

#4

Post by cs_cdkey4 »

dude....

I don't think I updated VLC but thanks for the warning
To weasel out of work is what separates us from the animals.. well except the weasel....

zaphodz
Posts: 1265
Joined: Thu Jun 29, 2006 10:56 am

Re: VLC Player Vulnerable to Remote Hijack

#5

Post by zaphodz »

I use VLC on Ubuntu Hardy Heron 8.04. Good media player. In Windows I like Media Player Classic though.
