gfxgfx
 
Please login or register.

Login with username, password and session length
 
gfx gfx
gfx
75646 Posts in 13270 Topics by 2658 Members - Latest Member: RapsMX August 14, 2018, 06:21:22 pm
*
gfx*gfx
gfx
WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Latest VLC version has dangerous hole
gfx
gfxgfx
 

Author Topic: Latest VLC version has dangerous hole  (Read 376 times)

0 Members and 1 Guest are viewing this topic.

Latest VLC version has dangerous hole
« on: January 31, 2013, 10:36:08 am »
Quote
The developers of the VLC video player have warned of a crashing bug in the latest 2.0.5 version of the application, which might be exploited to execute arbitrary code. The issue is a problem in the ASF demuxer (libasf_plugin.*), which can be tricked into overflowing a buffer with a specially crafted ASF movie. The developers note that users would have to open that specially crafted file to be vulnerable and advise users to not open files from untrusted third parties or untrusted sites.

Another workaround is to delete the demuxer plugin – found in \VLC\plugins\demux\libasf_plugin.dll on Windows – to disable the vulnerable function. A patch has been developed which replaces the vulnerable macro with static inline code and better bounds checking, and that has been applied to the forthcoming version 2.0.6 release of VLC. Already patched versions of VLC for Windows and Mac OS X are available from the VLC nightlies site, but may have other bugs as they are ongoing development versions.

http://majorgeeks.com/story.php?id=37466

WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Latest VLC version has dangerous hole
 

gfxgfx
gfx
©2005-2018 WinMXWorld.com. All rights reserved.
SMF 2.0.15 | SMF © 2017, Simple Machines
Page created in 0.03 seconds with 21 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!