A malicious third party could crash the VLC media player process.

Dec 21, 2011 11:00 GMT

The VideoLAN organization has just released VLC 1.1.13, a multimedia player that can play many video formats without the help of special codecs.

VLC 1.1.13 was released solely to fix a single security problem (details follow).

When VLC parsed the header of an invalid TY file, the heap could become corrupted; a malicious third party who successfully triggered this could crash the VLC media player process.

Because of this, arbitrary code execution might be possible on some systems, though this is unconfirmed.

As usual, users are asked to refrain from opening files from untrusted third parties or accessing untrusted remote sites until the new VLC 1.1.13 version is installed.

An alternative workaround is available: users can remove the TY demux plugin, which in turn prevents the accidental opening of TiVo files.
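The version check and plugin workaround described above, as an added shell example (not from the article or from VideoLAN): it compares a version string against 1.1.13 and moves the TY demux plugin out of a plugin directory. The `libty_plugin.*` file name and both directory arguments are assumptions; the article names neither.

```shell
#!/bin/sh
# Added example: audit a host for the TY demux issue fixed in VLC 1.1.13.
FIXED_VERSION="1.1.13"   # first fixed release, per the article

# version_lt A B: succeeds when dotted version A is older than B.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}   # drop suffixes such as "-git"
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# find_ty_plugin DIR: list TY demux plugin files under a VLC plugin directory.
# ASSUMPTION: the file is named libty_plugin.<ext>, following VLC's usual
# lib<module>_plugin naming; the article does not give the file name.
find_ty_plugin() {
    find "$1" -type f -name 'libty_plugin.*' 2>/dev/null
}

# disable_ty_plugin DIR BACKUP: move each match out of the plugin tree.
# Moving instead of deleting keeps the workaround reversible after upgrading.
disable_ty_plugin() {
    mkdir -p "$2" || return 1
    find_ty_plugin "$1" | while IFS= read -r f; do
        mv -- "$f" "$2/" && echo "moved: $f"
    done
}

# audit VERSION DIR: print patched, exposed or mitigated.
audit() {
    if ! version_lt "$1" "$FIXED_VERSION"; then echo "patched"
    elif [ -n "$(find_ty_plugin "$2")" ]; then echo "exposed"
    else echo "mitigated"
    fi
}

# Usage: script.sh <installed-version> <plugin-dir>
if [ "$#" -eq 2 ]; then audit "$1" "$2"; fi
```

The backup directory passed to `disable_ty_plugin` should sit outside the plugin tree so the moved file is no longer found there.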

Download VLC 1.1.13 right now from Softpedia.