Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Security

Security

VLC Media Player Highly Critical Flaw

The multimedia player is vulnerable to attacks

By Bogdan Popa, Security and Search Engines Editor

4th of January 2007, 06:45 GMT

Adjust text size:


VLC Media Player is one of the most popular multiple players on the internet with more than 3,388,721 downloads (and counting) as the official website says. The application was designed for playing multiple audio and video formats such as MPEG-1, MPEG-2, MPEG-4, DivX, mp3, ogg, DVDs, VCDs, and several streaming extensions. VLC was developed for multiple platforms including Windows, Mac and a lot of Linux distributions and can be also used as a server to broadcast audio or video
content.

Even if the program is so popular, this doesn't mean that it is one of the well-developed software solutions on the market, being affected by a highly critical vulnerability as security company Secunia says. "Kevin Finisterre and LMH have reported a vulnerability in VLC media player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a format string error when handling "udp://" URIs and can be exploited via a specially crafted web site or an M3U file with a specially crafted udp:// URI containing format string specifiers as the file name," the firm added.

It seems like the affected version of the VLC Media Player is 08.6 for both Windows and Mac and a successful exploitation of the flaw can allow an attacker to execute malicious commands on the vulnerable computer.

"Requires a working Perl interpreter. The exploit(s) provided will create a M3U file, which can be locally opened or served remotely via web server. The exploit source code includes notes and other comments about the different options available. Both x86 and PowerPC versions are provided," it is mentioned in the original advisory.

The company didn't release an official update or a patch to fix the vulnerability, so it seems like the only solution to avoid the danger is to refuse to open untrusted M3U files or to visit malicious webpages.


Rating:
Good (3.4/5) 7 vote(s) so far    

Read by 1,222 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Al Qaeda Cyber Attack Terrifies USA

QuickTime Movie Spreads Viruses

BitDefender Is Now Vista Compatible

Students, Parents, Universities Beware!

Panda Antivirus for Windows Vista

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive