Sunday, February 3, 2013
Buffer Overflow vulnerability in VLC media player
VideoLAN recently published a security advisory warning of a buffer overflow vulnerability in versions 2.0.5 and earlier of VLC Media Player, which might be exploited to execute arbitrary code. This vulnerability was reported by Debasish Mandal.
Buffer Overflow vulnerability in VLC media playerThe vulnerability is caused due to an error in the "DemuxPacket()" function (modules/demux/asf/asf.c) when processing ASF files and can be exploited to cause a buffer overflow via a specially crafted ASF file. To exploit the vulnerability, a user must explicitly open a specially crafted ASF movie.
Successful exploitation may allow execution of arbitrary code, but requires tricking a user into opening a malicious file.
VideoLAN advises users to refrain from opening files from untrusted locations and to disable the VLC browser plug-ins until the issue is patched. A patch will be included in VLC 2.0.6, the next version of the media player, which is only available for testing purposes at the moment.
This article was written by: Rajesh Darvesh
He is a Ethical Hacking and Security Professional, with experience in various aspects of Information Security and Founder of The Hacker Voice Other than this : He is an Internet Activist, Strong supporter of Anonymous and Wikileaks you can Follow him on Twitter
Subscribe to:
Post Comments (Atom)
0 Responses to “Buffer Overflow vulnerability in VLC media player”
Post a Comment