gfxgfx
 
Please login or register.

Login with username, password and session length
 
gfx gfx
gfx
76774 Posts in 13500 Topics by 1651 Members - Latest Member: insider4ever March 28, 2024, 03:02:08 pm
*
gfx*gfx
gfx
WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Latest VLC version has dangerous hole
gfx
gfxgfx
 

Author Topic: Latest VLC version has dangerous hole  (Read 645 times)

0 Members and 1 Guest are viewing this topic.

Latest VLC version has dangerous hole
« on: January 31, 2013, 10:36:08 am »
Quote
The developers of the VLC video player have warned of a crashing bug in the latest 2.0.5 version of the application, which might be exploited to execute arbitrary code. The issue is a problem in the ASF demuxer (libasf_plugin.*), which can be tricked into overflowing a buffer with a specially crafted ASF movie. The developers note that users would have to open that specially crafted file to be vulnerable and advise users to not open files from untrusted third parties or untrusted sites.

Another workaround is to delete the demuxer plugin – found in \VLC\plugins\demux\libasf_plugin.dll on Windows – to disable the vulnerable function. A patch has been developed which replaces the vulnerable macro with static inline code and better bounds checking, and that has been applied to the forthcoming version 2.0.6 release of VLC. Already patched versions of VLC for Windows and Mac OS X are available from the VLC nightlies site, but may have other bugs as they are ongoing development versions.

http://majorgeeks.com/story.php?id=37466

WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Latest VLC version has dangerous hole
 

gfxgfx
gfx
©2005-2024 WinMXWorld.com. All Rights Reserved.
SMF 2.0.19 | SMF © 2021, Simple Machines | Terms and Policies
Page created in 0.017 seconds with 21 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!