Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
VideoLAN
And, this specific program:
VLC media player 1.x

This thread has been marked as locked.
newpost VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
Member 20th Nov, 2010 18:15
Ranking: 2
Posts: 34
User Since: 7th Aug, 2010
System Score: N/A
Location: DE
Last edited on 20th Nov, 2010 18:17

As I see the vulnerability does only afect the firefox add-on which I don't have so it is very bad to show this vulnerability. I get only false positives and have no positive to say about psi. Just too many false positives. It is very sad. I was expecting more from psi.

mogs RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
Expert Contributor 21st Nov, 2010 08:53
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Hello.
Here is a copy of the current advisory :-


If you have information about a new or an existing vulnerability in VLC media player 1.x then you are more than welcome to contact us.


Vendor, Links, and Unpatched Vulnerabilities

Vendor VideoLAN

Product Link N/A

Affected By 7 Secunia advisories
17 Vulnerabilities

Monitor Product Receive alerts for this product

Unpatched 14% (1 of 7 Secunia advisories)

Most Critical Unpatched
The most severe unpatched Secunia advisory affecting VLC media player 1.x, with all vendor patches applied, is rated Highly critical .


http://secunia.com/advisories/product/25892/

--
Was this reply relevant?
+1
-0
Anthony Wells RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
Expert Contributor 21st Nov, 2010 12:18
Score: 2384
Posts: 3,280
User Since: 19th Dec 2007
System Score: N/A
Location: N/A


Hello @newpost ,

The PSI shows very few false positives ; what it tends to show is vulnerable/insecure files whose danger depends on location and the consequent accessibility to malware and the bad guys .

There is a detection problem concerning the VLC Mozilla plug-in showing up in secure browsing even when it is not installed ; this is occurring on my system atm .

The reasons are explained by a Secunia Official in this thread :-

http://secunia.com/community/forum/thread/show/613...

Hope that is clear for you .

Have you sorted your "FP's" from your earlier threads , you did not follow them up by replying to us in them ??

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
newpost RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
Member 21st Nov, 2010 18:41
Score: 2
Posts: 34
User Since: 7th Aug 2010
System Score: N/A
Location: DE
@Anthony:

I have just given up to repling to the other false positive threads as seunia doesn't see any need in implementing a ingoring button only for vulnerabilities. You can only ignore the whole program wich is not really helpfull to keep your seystem safe. I have just no words. And because of that the statistics don't say any truth as I have a bunch of false positives and you can point it out but nothing happened.

I can only make a list of the false positives and ignore it each time myself. It is sad but I see no other solution as secunia sees no problem in the quite big number of false positives or have no idea how to solve this problem.

PSI even cannot recognize that my system is not the one which is affected or I don' have the add-on and so on. So I just can give up as I don't have so much time for such things which doesn't make any results.

I just give up that has no sense to try change anything as I see the responses for the other threads. Everybody is saing that I should try to solve the problems with the false positives and not secunia. So it is just ridiculously.

Am I responsible for the false positives? Why? Since when?
Was this reply relevant?
+0
-0
Anthony Wells RE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability
Expert Contributor 22nd Nov, 2010 13:03
Score: 2384
Posts: 3,280
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

I'll take that as a "No" then .

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability