For now, we'll just have to wait for VideoLan to release a patch and fix the gap. The bug in question allegedly only affects Windows, Unix, and Linux versions of VLC and is affecting only. If you're using VLC on a Mac, you are fine. Earlier in June, two high-severity bugs were patched in the media player and were discovered after a EU-mandated bug bounty program was announced. While details of the vulnerability are scant, CERT-Bund said that the flaw stems from an improper restriction of operations within the bounds of a memory buffer. Despite the level of severity, no patch is currently available for the vulnerability. Further, this loophole can be used to trigger a denial-of-service attack, a widely found malware.ĬERT-Bund has given this a base vulnerability score of 9.8 out of 10 and it exists in the Windows, Linux and UNIX versions of VLC 3.0.7.1 (the latest version of the media player). The security flaw allows for remote code execution, which gives hackers total access to your computer to install, run, and modify anything on it without your knowledge. You might want to uninstall it until the folks at the VideoLAN Project can patch the flaw. This will disable the software's ability to play ASF videos until a patched version of the file is reinstalled during a software update.Ī patch will be included in VLC 2.0.6, the next version of the media player, which is only available for testing purposes at the moment.One of the most popular media players out there, VLC is widely used by everyone because it's free and offers a wide range of codec libraries, unlike the default Windows Media Player.Īvailable for Windows, Linux, Mac OS X, Unix, iOS, and Android systems, the open-source media player has now become the focus of a recent security advisory released by the German Computer Emergency Response Team (CERT-Bund).ĭue to a detected vulnerability, a very serious security flaw has been discovered in VLC.
The plug-ins allow the playback of video files embedded into Web pages.Īn alternative solution is to manually delete the vulnerable libasf_plugin.dll file from the VLC installation directory, VideoLAN said. By default, VLC installs plug-ins for Mozilla Firefox, Internet Explorer, Google Chrome, Apple Safari, Opera and Konqueror. VideoLAN advises users to refrain from opening files from untrusted locations and to disable the VLC browser plug-ins until the issue is patched. The flaw can be exploited by tricking a user into opening a specially crafted ASF file. Vulnerability research and management firm Secunia rated the flaw as highly critical and said its successful exploitation could allow the execution of arbitrary code.
0 kommentar(er)
