
Secunia Advisory SA39558

VLC Media Player Multiple Vulnerabilities
Release Date 2010-04-22
Last Update 2010-06-22
   
Popularity 11,372 views
Comments 13 comments

Criticality level Highly critical
Impact System access
Where From remote
Solution Status Vendor Patch
   
   
Remediation status Secunia CSI, Secunia PSI
Automated scanning Secunia CSI, Secunia PSI
   
Software:
VLC media player 1.x

CVE Reference(s) CVE-2010-1441
CVE-2010-1442
CVE-2010-1443
CVE-2010-1444
CVE-2010-1445
  

Description

Multiple vulnerabilities have been reported in VLC Media Player, which can be exploited by malicious people to potentially compromise a user's system.

1) An error in the A/52 audio decoder can be exploited to cause a heap-based buffer overflow.

2) An error in the DTS audio decoder can be exploited to cause a heap-based buffer overflow.

3) An error in the MPEG audio decoder can be exploited to cause a heap-based buffer overflow.

4) An error in the AVI demuxer can be exploited to trigger an access to invalid memory.

5) An error in the ASF demuxer can be exploited to trigger an access to invalid memory.

6) An error in the Matroska demuxer can be exploited to trigger an access to invalid memory.

7) An error when processing XSPF playlists can be exploited to trigger an access to invalid memory.

8) A use-after-free error when attempting to create a playlist of the contents of a malformed zip archive can be exploited to reference already freed memory via a specially crafted file with an arbitrary file extension.

9) An error in the RTMP implementation can be exploited to cause a heap-based buffer overflow.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code, but requires that the user is tricked into opening a specially crafted file.

The vulnerabilities are reported in versions prior to 1.0.6.


Solution
Update to version 1.1.0.

Provided and/or discovered by
Reported by the vendor.

Original Advisory
VideoLAN-SA-1003:
http://www.videolan.org/security/sa1003.html


Subject: VLC Media Player Multiple Vulnerabilities
 
User Message
steffens RE: VLC Media Player Multiple Vulnerabilities
Member 23rd Apr, 2010 01:39
Score: 8
Posts: 8
User Since: 25th Jul 2009
System Score: N/A
Location: US
Last edited on 23rd Apr, 2010 01:54
Quoting from lead article at <http://www.videolan.org/news.html>:

VLC 1.0.6
2010-04-21
"...Binaries for Windows and Mac OS are not yet on the pipe."

At the time of this posting, that was still true.
Was this reply relevant?
+3
-0

puget1 RE: VLC Media Player Multiple Vulnerabilities
Contributor 6th May, 2010 04:51
Score: 110
Posts: 490
User Since: 21st Dec 2007
System Score: 100%
Location: US
Last edited on 6th May, 2010 05:34
I refer you to this thread http://secunia.com/community/forum/thread/show/348... If you don't think that was a shot of adrenaline through the ole nervous system, being told that "Vista is insecure". It sounds like your whole OS is defunct. When traced down it was the buffer avi overflow. Knowing that all streaming video is probably the root cause of most hostile entries means there really isn't anything that can be done. I do the best I can and I refuse to go paranoid over it. Firefox has a couple of add-ons that allow you to control flash and media start-ups without approval of the operator. One is NoScript, excellent with [protection against click-jacking]. Cookie controls plus an add-on called Better Privacy that removes long-term super cookies on closing the browser. Being able to control entry of cookies should to some extent help, plus the removal of them at the end of session. Other add-ons like Clear private data and Close and Forget also help. Secondly, by not keeping anything in your history and not keeping passwords in memory. Using anti key-logger software like http://www.trusteer.com or http://download.cnet.com/KeyScrambler-Personal/300... Basically not keeping anything in your PC that can be used against you. Be sure to "Sign out" when using your bank so they can remove vital code and cookies at the end of session. Ultimately, by not going paranoid. Hope this helps

Was this reply relevant?
+1
-2
zappe RE: VLC Media Player Multiple Vulnerabilities
Member 10th May, 2010 13:09
Score: 3
Posts: 14
User Since: 4th Jan 2008
System Score: 96%
Location: SE
(unknown source)
Good advice in general... but hard to follow in this particular case, because as of this writing, nearly two weeks after my original post, the 1.0.6 binaries for Win and Mac are *still* "not yet on the pipe".

So there remains only the (less satisfactory) "solution" in VideoLAN Security Advisory 1003 <http://www.videolan.org/security/sa1003.html>...
"Workarounds: The user may refrain from opening files from untrusted sources."


There will probably not be a 1.0.6, but there are nightly builds that you can use.

1.1.0 will be released in two weeks time.
Was this reply relevant?
+3
-0
cvalde RE: VLC Media Player Multiple Vulnerabilities
Member 2nd Jun, 2010 10:47
Score: 11
Posts: 18
User Since: 30th Jul 2009
System Score: N/A
Location: N/A
Last edited on 2nd Jun, 2010 10:47
Quote from http://www.remlab.net/op/vlc-1.0.6.shtml
"Security-conscious users can install VLC prerelease version 1.1.0-pre3 which is quite stable and addresses the recently published security vulnerabilities." and I think this is an educated guess, RC2:
http://nightlies.videolan.org/build/win32/branch-2...
with vlc-1.1.0-rc2-20100602-0203-win32.exe for RC2 download. There's also this page
http://www.videolan.org/vlc/releases/1.1.0-RC.html
with links for RC1.
Was this reply relevant?
+7
-0
sucker RE: VLC Media Player Multiple Vulnerabilities
Member 19th Jun, 2010 19:11
Score: 1
Posts: 1
User Since: 4th Jul 2009
System Score: N/A
Location: N/A
Last edited on 19th Jun, 2010 19:11
And here you can get VLC 1.1.0 RC 4 at http://forum.videolan.org/viewtopic.php?f=34&t=778...
Was this reply relevant?
+1
-0
Masoa RE: VLC Media Player Multiple Vulnerabilities
Member 22nd Jun, 2010 01:40
Score: 2
Posts: 1
User Since: 22nd Jun 2010
System Score: N/A
Location: US
Last edited on 22nd Jun, 2010 01:40
VLC 1.1 is out on www.videolan.org, is this advisory still in effect for the latest version?
Was this reply relevant?
+2
-0
Racketeer RE: VLC Media Player Multiple Vulnerabilities
Member 22nd Jun, 2010 11:23
Score: 1
Posts: 1
User Since: 22nd Jun 2010
System Score: N/A
Location: CH
Last edited on 22nd Jun, 2010 11:23
This is very strange indeed: While PSI lists VLC (1.1.0) as unsafe for browsing it does not report it in "unpatched threats"...
Was this reply relevant?
+1
-0
Ocean_Icarus RE: VLC Media Player Multiple Vulnerabilities
Member 31st Jul, 2010 17:33
Score: 0
Posts: 1
User Since: 31st Jul 2010
System Score: N/A
Location: FI
Last edited on 31st Jul, 2010 17:33
Is this 1.1.0 version safe to use? Are the security holes filled now? Thanks in advance!
Was this reply relevant?
+0
-0

© 2002-2012 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144