TITLE: VLC Media Player ActiveX Plugin and FLAC Vulnerabilities
SECUNIA ADVISORY ID: SA27878
VERIFY ADVISORY: http://secunia.com/advisories/27878/
CRITICAL: Highly critical
IMPACT: DoS, System access
WHERE: From remote
SOFTWARE: VLC media player 0.x http://secunia.com/product/7788/
DESCRIPTION: Some vulnerabilities have been reported in VLC Media Player, which potentially can be exploited by malicious people to compromise a user's system.
1) An error within the ActiveX plugin of VLC Media Player can be exploited to overwrite certain memory zones and execute arbitrary code when a user e.g. visits a malicious website.
Note: This affects the Windows versions only.
2) Some vulnerabilities are caused due to the use of a vulnerable version of the FLAC library, which contains multiple integer overflows.
For more information: SA27210
Note: This may affect the Windows and Mac OS X binaries only.
SOLUTION: Update to version 0.8.6d. http://www.videolan.org/vlc/