Highly critical

VLC Media Player Insecure Library Loading Vulnerability

-

Release Date:  2010-08-25    Last Update:  2010-08-30    Views:  13,461

Secunia Advisory SA41107

Where:

Log in with your Secunia community profile. If you are an IT security professional, request a trial of the Secunia VIM.

Impact:

Log in with your Secunia community profile. If you are an IT security professional, request a trial of the Secunia VIM.

Solution Status:

Log in with your Secunia community profile. If you are an IT security professional, request a trial of the Secunia VIM.

Software:

Log in with your Secunia community profile. If you are an IT security professional, request a trial of the Secunia VIM.

CVE Reference(s):

Log in with your Secunia community profile. If you are an IT security professional, request a trial of the Secunia VIM.

Description


A vulnerability has been discovered in VLC Media Player, which can be exploited by malicious people to compromise a user's system


Log in with your Secunia community profile to view the full description of this Advisory. If you are an IT security professional, request a trial of the Secunia VIM.

If you are not a member of the Secunia community, you can sign up here for free.

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: VLC Media Player Insecure Library Loading Vulnerability

User Message
davidbassplayer RE: VLC Media Player Insecure Library Loading Vulnerability
Member 28th Aug, 2010 16:08
Score: 2
Posts: 20
User Since: 13th Feb 2008
System Score: N/A
Location: N/A
Last edited on 28th Aug, 2010 16:08
VLC 1.1.4 is available at the VideoLan web site. PCI doesn't think it corrects the vulnerability. Does it?
Was this reply relevant?
+0
-0
dracudok RE: VLC Media Player Insecure Library Loading Vulnerability
Member 28th Aug, 2010 19:54
Score: 42
Posts: 26
User Since: 14th Jun 2009
System Score: 100%
Location: DE
Last edited on 28th Aug, 2010 22:43
According to these articles (http://isc.sans.edu/diary.html?storyid=9445 and http://www.h-online.com/security/news/item/Attacke...) there are DLL vulnerabilities in numerous applications, not just VLC player (e.g. Firefox, see http://secunia.com/community/forum/thread/show/529...). VLC player version 1.1.4 is one of the first programs, where this problem is fixed.

dracudok

Edit: See also http://support.microsoft.com/?scid=kb%3Ben-us%3B22... and http://www.microsoft.com/technet/security/advisory...

Edit2: An unofficial list of potentially vulnerable applications can be found here: http://www.corelan.be:8800/index.php/2010/08/25/dl...
Was this reply relevant?
+2
-0

-

You must be logged in to post a comment.