TotalChoice Hosting Family Forums > Vlc Media Player Activex Plugin And Flac Vulnerabilities

Full Version: Vlc Media Player Activex Plugin And Flac Vulnerabilities

TotalChoice Hosting Family Forums > TotalChoice Hosting General Support > Security Discussions > Software/Scripts/Other Alerts

TCH-Thomas

Dec 3 2007, 11:50 AM

From: Secunia
secunia.com/advisories/27878/

Rating: Highly critical

Description:
Some vulnerabilities have been reported in VLC Media Player, which potentially can be exploited by malicious people to compromise a user's system.

1) An error within the ActiveX plugin of VLC Media Player can be exploited to overwrite certain memory zones and execute arbitrary code when a user e.g. visits a malicious website.

Note: This affects the Windows versions only.

2) Some vulnerabilities are caused due to the use of a vulnerable version of the FLAC library, which contains multiple integer overflows.

Solution:
Update to version 0.8.6d.
videolan.org/vlc/

TCH-Bruce

Dec 3 2007, 11:55 AM

Thanks Thomas

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.