
Forum Thread: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Vulnerabilities

See the original Secunia advisory:
VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability

Secunia VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
Secunia Official 20th Oct, 2010 12:18
Ranking: 0
Posts: 0
User Since: -
System Score: -
Location: Copenhagen, DK
shinnai has discovered a vulnerability in VLC Media Player, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability is caused due to an error within the "VLC Multimedia Plug-in" for Mozilla, which can be exploited to potentially execute arbitrary code by tricking a user into opening a specially crafted website in a browser using this plugin.

Successful exploitation requires that the "VLC Multimedia Plug-in" for Mozilla is installed (not installed by default).

The vulnerability is confirmed in version 1.1.4. Other versions may also be affected.

Arenlor

RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
This reply has been minimised due to a negative Relevancy Score.

UziUzi

RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
This reply has been minimised due to a negative Relevancy Score.
Maurice Joyce RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
Handling Contributor 22nd Oct, 2010 00:35
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 22nd Oct, 2010 00:42
I suspect the reason for some negative scoring is that both of U have commented/asked questions in the Vulnerability Section normally reserved for Secunia Officials to post warnings of vulnerabilities.

They will accept corrections/updates to reported vulnerabilities but require evidence.

Who is shinnai? By following the links in the Secunia Advisory it tells U all & gives U the link to the author, proof of concept & his email address.

http://shinnai.altervista.org/exploits/SH-007-2010...

It is highly unlikely Secunia would push out a warning without checking the proof of concept.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+6
-0
icheyne RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
Member 23rd Oct, 2010 00:46
Score: 0
Posts: 1
User Since: 23rd Oct 2010
System Score: N/A
Location: UK
Last edited on 23rd Oct, 2010 00:46
Tools -> Add-ons -> Plugins -> Disable VLC

This does the trick in terms of not loading the plugin, but PSI does not seem to detect that it has been disabled.
Was this reply relevant?
+6
-6

Arenlor

RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
This reply has been minimised due to a negative Relevancy Score.
shinnai RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
Member 25th Oct, 2010 10:09
Score: 7
Posts: 4
User Since: 11th Jan 2008
System Score: N/A
Location: IT
Last edited on 25th Oct, 2010 10:09
Hi Arenlor, I have two questions for you:

#1 - Did you read my exploit? It was tested against Firefox 3.6.10...
#2 - Are you sure it doesn't work against Firefox 3.6.11? I modified just a little bit the exploit and it works fine
Was this reply relevant?
+11
-5

Arenlor

RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
This reply has been minimised due to a negative Relevancy Score.
Anthony Wells RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
Expert Contributor 25th Oct, 2010 17:01
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello shinnai ,

So you in turn know who you are dealing with , then this thread by @Arenlor may help - if you can find the extra time :) :-

http://secunia.com/community/forum/thread/show/322...

Take care

Anthony



--


It always seems impossible until it's done.
Nelson Mandela
Was this reply relevant?
+7
-6

FD2Raptor

RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
This reply has been minimised due to a negative Relevancy Score.

Arenlor

RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
This reply has been minimised due to a negative Relevancy Score.

Woulouf

RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
This reply has been minimised due to a negative Relevancy Score.
AdamFeldman RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
Member 17th Nov, 2010 19:38
Score: 13
Posts: 10
User Since: 15th Aug 2010
System Score: N/A
Location: US
on 14th Nov, 2010 00:20, Woulouf wrote:
Hi.

VLC 1.1.5 is out but it doesn't seem to fix the vulnerability.

I have not set up the Mozilla plugin but the warning is still there.



Woulouf

Has it been confirmed that 1.1.5 doesn't fix the vulnerability?
http://www.videolan.org/security/sa1006.html claims that this has been fixed.
Was this reply relevant?
+4
-4
Woulouf RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
Member 17th Nov, 2010 20:14
Score: 10
Posts: 13
User Since: 4th Nov 2009
System Score: 100%
Location: FR
Hi,

are you sure that's the same vulnerability?

Because you mention a security advisory about a hole with the Samba module and this Secunia advisory is about the media plugin for Firefox (and all other non-IE browsers)



--
PSI 2.0 (attentive) user
----------------------------------
Well, it's just a damn hole-fixing-story ..... isn't it ?
Was this reply relevant?
+1
-2

AdamFeldman

RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
This reply has been minimised due to a negative Relevancy Score.

dthatcher7

RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
This reply has been minimised due to a negative Relevancy Score.
Anthony Wells RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
Expert Contributor 24th Nov, 2010 19:45
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

@dthatcher7 ,

As a new poster to the Community Forum , if you read Maurice Joyce's post at the top of this thread you will see that this "vulnerabilities" section is a "sub-forum" for input concerning the technical aspects of a specific Secunia Advisory in this case SA41801 . Your problem is about a Secunia PSI display problem which is already dealt with by Secunia here (in the Programs sub-forum) ;-

http://secunia.com/community/forum/thread/show/613...

Take care

Anthony

--


It always seems impossible until it's done.
Nelson Mandela
Was this reply relevant?
+11
-5

htmtrade

RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
This reply has been deleted

crimsoncarnage

RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
This reply has been minimised due to a negative Relevancy Score.

shanne

RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
This reply has been deleted

will_in_wi

RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
This reply has been minimised due to a negative Relevancy Score.

MacDaddyG

RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
This reply has been minimised due to a negative Relevancy Score.

adamralph

RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
This reply has been minimised due to a negative Relevancy Score.
Woulouf RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
Member 13th Jan, 2011 21:24
Score: 10
Posts: 13
User Since: 4th Nov 2009
System Score: 100%
Location: FR
Hey guys

this is not a support thread for VLC

If you have nothing to add about the vulnerability, please use this forum : http://secunia.com/community/forum/programs/

Thanks

--
PSI 2.0 (attentive) user
----------------------------------
Well, it's just a damn hole-fixing-story ..... isn't it ?
Was this reply relevant?
+9
-0

heyidiot

RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
This reply has been minimised due to a negative Relevancy Score.

jannypan

RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
This reply has been deleted

vh106

RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
This reply has been minimised due to a negative Relevancy Score.

noend7

RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
This reply has been minimised due to a negative Relevancy Score.
Maurice Joyce RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
Handling Contributor 22nd Apr, 2011 23:06
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 22nd Apr, 2011 23:23
I think there is unless the Developer has not got a clue what he is talking about. See this:

http://forum.videolan.org/viewtopic.php?f=14&t=877...

4th post down dated 4th April 2011.

Edit:

As U will see from the scoring on this thread Secunia take exception to users asking questions & making statements & demands to their Vulnerability Information threads.

There are other threads dealing with this issue here:

http://secunia.com/community/forum/?forum=2&vendor...



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+5
-4

klausus02

RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
This reply has been minimised due to a negative Relevancy Score.
Maurice Joyce RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
Handling Contributor 23rd Apr, 2011 13:18
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 23rd Apr, 2011 13:18
Sorry - not really bothered. My post above merely corrects:

1. That there is no Mozilla plug-in.

2. He should post to the correct thread & point out the penalties may apply to everyone that adds detail to the Vulnerability Section.

3. If there is factual evidence that Secunia may be incorrect the contact details are laid down here:

http://secunia.com/products/consumer/PSI/faq/#q15

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+6
-5

noend7

RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
This reply has been deleted

noend7

RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
This reply has been minimised due to a negative Relevancy Score.
klausus02 RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
Member 29th Apr, 2011 21:21
Score: 4
Posts: 74
User Since: 4th Feb 2011
System Score: N/A
Location: DE
@noend7

.. maybe my last post caused some trouble in this thread ...

I firstly agreed with you because I assumed that SA41810 had been fixed with vlc 1.1.9. But this link

http://forum.videolan.org/viewtopic.php?f=14&t=877...

makes it very clear: SA41810 is definitely not fixed!

Thanks Klaus
Was this reply relevant?
+6
-1

