Daily cyber threats and internet security news: network security, online safety and latest security alerts
November 7th, 2008

Highly Critical Vulnerabilities In VLC Media Player

Two “highly critical” vulnerabilities in the cross-platform VLC Media Player could put users at risk of remote code execution attacks, according to a warning from security researchers. An error in the CUE demuxer can be exploited to cause a stack-based buffer overflow via a specially crafted CUE image file. In the second vulnerability, an error in the RealText demuxer can be exploited to cause a stack-based buffer overflow via a specially crafted RealText subtitle file.

The issues, reported in versions 0.5.0 through 0.9.5, could let hackers take complete control of compromised machines through rigged media files. VideoLAN, the open-source group that manages the VLC project, has released patches and strongly recommends that users upgrade to VLC media player 0.9.6.

Exploitation of this issue requires the user to explicitly open a specially crafted file. As with any media player, the standard advice is to avoid opening files from untrusted third parties or accessing untrusted remote sites.

For details and updates, visit the VideoLAN website.


    One Response to “Highly Critical Vulnerabilities In VLC Media Player”

    1. Thanks for the alert, VLC is one of the favourite players since MS WMP 9/10/11 sucks.
