Forum Thread: VLC - Program versus plug-in

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
Midnight_Voice VLC - Program versus plug-in
Member 16th Jun, 2011 18:22
Ranking: 50
Posts: 89
User Since: 1st Oct, 2010
System Score: 96%
Location: UK
I have VLC as vlc.exe version 1.1.10.0. PSI thinks this is OK, vis-a-vis Advisory SA44412.

I also have VLC as a plug-in in Safari, IE8, and FF 4.0.1. Under Secure Browsing, PSI thinks these are not OK, vis-a-vis Advisory SA41810.

Unlike the thread hanging off these advisories, which has got rather intemperate, I am happy to take this discrepancy at face value - VLC have fixed the program, but not fixed their plugins, which are not quite the same, fair enough.

However, when I double-click one of these plugins, I get a display which refers to vlc.exe, says it's OK, refers to SA44412.

It's wrong that that's what happens, isn't it?


--
A computer program can do pretty much anything the user doesn't know is impossible for it to do.

XP Home 32-bit - Compaq Presario V2000 Celeron 1.4GHz
Vista Ultimate 32-bit - Toshiba Equium A100 Centrino Duo 1.7GHz
Windows 7 Ultimate 64-bit - Dell Studio XPS 1645 Core i7-720 Quad 1.6-2.4GHz
(Also running XP Pro in Windows XP Mode 32-bit)
Windows 8.1 Home Premium 64-bit - Lenovo IdeaPad Z500 Core i5 2.6Ghz

wr RE: VLC - Program versus plug-in
Contributor 16th Jun, 2011 21:10
Score: 308
Posts: 739
User Since: 30th Mar 2008
System Score: 100%
Location: US
Hi Midnight Voice

This subject of VLC Player & the plug-in for Mozilla
has been beat to death here. If you do a search of VideaLAN/VLC Player on the Forum
you'll find 2 pages of posts that stretch back
almost a year. The posts' really do make for a good read
& answer most all questions regarding this 'problem'.
This vulnerability in the plug-in goes back
to 2008 so it's nothing new.

I'm not going to provide a synopsis here-just read the posts & draw your own conclusion(s). I did
& uninstalled the VLC media player.

Can't wait for Anthony Wells to see, read, & comment.

Hope this helps.

Regards, wr

--
HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 31.4.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
Was this reply relevant?
+0
-0
Anthony Wells RE: VLC - Program versus plug-in
Expert Contributor 16th Jun, 2011 23:37
Score: 2493
Posts: 3,383
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 16th Jun, 2011 23:39


--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
Midnight_Voice RE: VLC - Program versus plug-in
Member 16th Jun, 2011 23:55
Score: 50
Posts: 89
User Since: 1st Oct 2010
System Score: 96%
Location: UK


--
A computer program can do pretty much anything the user doesn't know is impossible for it to do.

XP Home 32-bit - Compaq Presario V2000 Celeron 1.4GHz
Vista Ultimate 32-bit - Toshiba Equium A100 Centrino Duo 1.7GHz
Windows 7 Ultimate 64-bit - Dell Studio XPS 1645 Core i7-720 Quad 1.6-2.4GHz
(Also running XP Pro in Windows XP Mode 32-bit)
Windows 8.1 Home Premium 64-bit - Lenovo IdeaPad Z500 Core i5 2.6Ghz
Was this reply relevant?
+0
-0
Anthony Wells RE: VLC - Program versus plug-in
Expert Contributor 17th Jun, 2011 00:13
Score: 2493
Posts: 3,383
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 17th Jun, 2011 00:16
Hi ,

I was tempted to use the word "simples" myself ; glad I didn't , saves embarrassment .

The whole point of the n'importe quoi and to which you add shovels full is that the PSI rules and VLC bundling prevent individual plug-in detection at all times and in all events , so any installation of the VLC Player , with whatever configuration , is considered as "insecure/no solution" and not safe for browsing !! SIMPLES!! Click the SA not the entry .

Like OGSO says , do your reading and I suggest add some silver bullets "tout de suite" to your ear wings in the interim .

Behind you .

Anthony



--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
Midnight_Voice RE: VLC - Program versus plug-in
Member 17th Jun, 2011 00:58
Score: 50
Posts: 89
User Since: 1st Oct 2010
System Score: 96%
Location: UK
on 17th Jun, 2011 00:13, Anthony Wells wrote:
Hi ,

I was tempted to use the word "simples" myself ; glad I didn't , saves embarrassment .

The whole point of the n'importe quoi and to which you add shovels full is that the PSI rules and VLC bundling prevent individual plug-in detection at all times and in all events , so any installation of the VLC Player , with whatever configuration , is considered as "insecure/no solution" and not safe for browsing !! SIMPLES!! Click the SA not the entry .

Like OGSO says , do your reading and I suggest add some silver bullets "tout de suite" to your ear wings in the interim .

Behind you .

Anthony


Life's too short :-(

If I read you aright, you seem to be implying that because there was once a VLC that wasn't safe, and because PSI, for some reason, doesn't/can't detect what the plug-in's version actually is, it errs on the side of caution and says the plug-in isn't safe, even though it might perfectly well be.

OTOH, wr has chosen to uninstall VLC - not just as a plug-in, but everywhere it seems - on the grounds that it is never safe.

Does not compute.

Now please excuse me while I eat this delicious meal of Spanish cucumber and German bean sprouts :-)

M_V


--
A computer program can do pretty much anything the user doesn't know is impossible for it to do.

XP Home 32-bit - Compaq Presario V2000 Celeron 1.4GHz
Vista Ultimate 32-bit - Toshiba Equium A100 Centrino Duo 1.7GHz
Windows 7 Ultimate 64-bit - Dell Studio XPS 1645 Core i7-720 Quad 1.6-2.4GHz
(Also running XP Pro in Windows XP Mode 32-bit)
Windows 8.1 Home Premium 64-bit - Lenovo IdeaPad Z500 Core i5 2.6Ghz
Was this reply relevant?
+0
-0
wr RE: VLC - Program versus plug-in
Contributor 17th Jun, 2011 01:20
Score: 308
Posts: 739
User Since: 30th Mar 2008
System Score: 100%
Location: US
Hi M_V

The reason I uninstalled VLC was because I
have Ff as my default browser & only use Internet Exploder when Ff fails
that means usually just to do Windoze Updates.
Since Windoze Media Player is a bundled program
why take the risk with the vulnerable VLC plug-in
for Ff?

Enjoy your meal as I'm about to do the same.

Until next time.

Regards, wr


--
HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 31.4.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
Was this reply relevant?
+0
-0
Midnight_Voice RE: VLC - Program versus plug-in
Member 17th Jun, 2011 01:50
Score: 50
Posts: 89
User Since: 1st Oct 2010
System Score: 96%
Location: UK
on 17th Jun, 2011 01:20, wr wrote:
Hi M_V

The reason I uninstalled VLC was because I
have Ff as my default browser & only use Internet Exploder when Ff fails
that means usually just to do Windoze Updates.
Since Windoze Media Player is a bundled program
why take the risk with the vulnerable VLC plug-in
for Ff?

Enjoy your meal as I'm about to do the same.

Until next time.

Regards, wr


Ah yes, I understand. And I do the same as you - FF for everything except Windoze updates, and a couple of sites where FF gets it wrong (Sony local dealer popover and some Tesco Online basket amendment issue - both reported via the FF link for that, but no satisfaction yet) where I use IE8 under protest.

But I have video files that WMP is not at all happy with - dropped frames, sound goes out of sync, won't play at all, can't see the alternative English soundtrack and insists on playing the file in Italian, shows the subtitles only in the Wingdings font - that sort of thing. Whereas VLC plays them perfectly.

Hence I need to keep VLC around. But I shall take care to exercise caution with it, and keep my Avast up to date...

Cheers

M_V

--
A computer program can do pretty much anything the user doesn't know is impossible for it to do.

XP Home 32-bit - Compaq Presario V2000 Celeron 1.4GHz
Vista Ultimate 32-bit - Toshiba Equium A100 Centrino Duo 1.7GHz
Windows 7 Ultimate 64-bit - Dell Studio XPS 1645 Core i7-720 Quad 1.6-2.4GHz
(Also running XP Pro in Windows XP Mode 32-bit)
Windows 8.1 Home Premium 64-bit - Lenovo IdeaPad Z500 Core i5 2.6Ghz
Was this reply relevant?
+0
-0
SimonPhilips RE: VLC - Program versus plug-in
Member 17th Jun, 2011 14:13
Score: 0
Posts: 1
User Since: 17th Jun 2011
System Score: N/A
Location: US
I have my VLC also and so far got no problems using them with my other plugins :)

--
http://keywestmls.com/
Was this reply relevant?
+0
-0
Anthony Wells RE: VLC - Program versus plug-in
Expert Contributor 17th Jun, 2011 15:36
Score: 2493
Posts: 3,383
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi ,

This thread is now likely to clog up with tag-ons and fill my mail box with spam , so I will unsubscribe ; over to you M_V .

There are options to VLC , I have MPC Home Cinema and DivX plugged in ; just don't go on line in Ff with the VLC Player Ff plug-in loaded and be sure of the origin of your files ; in fact , be absolutely sure of their provenance whatever player is being used :-

http://www.techsupportalert.com/best-free-windows-...

Glad your eating well OGSO .

Simon , FYI the Firefox plug-in is "insecure" , is unlikely to be fixed in my lifetime and should be avoided ; hence it it is not selected for installation by default in the install process of the VLC Player . Just because you ain't been bitten yet is nothing whatsoever to go by , believe me .

Bi y'all .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0

This thread has been marked as locked.