Cable Forum


pedantic 03-01-2007 15:34

VLC Media Player "udp://" URI Handling Format String Vulnerability
 
Just a heads up, as some members have mentioned that they use this media player.

Linky

Quote:


Secunia Advisory: SA23592
Release Date: 2007-01-03


Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched

Quote:

Description:
Kevin Finisterre and LMH have reported a vulnerability in VLC media player, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a format string error when handling "udp://" URIs and can be exploited via a specially crafted web site or an M3U file with a specially crafted udp:// URI containing format string specifiers as the file name.

Successful exploitation allows execution of arbitrary code.

The vulnerability is reported in version 0.8.6 and reportedly affects both Mac OS X and Windows versions. Other versions may be affected as well.

Solution:
Do not open untrusted M3U files or visit untrusted web sites.
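
As an added example (not part of the original post or the Secunia advisory), here is a small Python check for the M3U vector the advisory describes: it flags udp:// playlist entries that contain printf-style conversion specifications, in raw or once percent-decoded form. The sample playlist is constructed, the function names are hypothetical, and the check does not model VLC's own parsing.

```python
import re
from urllib.parse import unquote

# One printf conversion specification: optional positional argument, flags,
# width, precision, length modifier, then the conversion character.
PRINTF_SPEC = re.compile(
    r"%(?:\d+\$)?[-+ #0']*(?:\d+|\*)?(?:\.(?:\d+|\*))?"
    r"(?:hh|h|ll|l|j|z|t|L)?[diouxXeEfFgGaAcspn]"
)

# Constructed sample playlist (not taken from the advisory).
SAMPLE_M3U = """#EXTM3U
#EXTINF:-1,Lobby feed
udp://@239.255.0.1:1234
#EXTINF:-1,Unknown source
udp://%x.%x.%s
http://example.invalid/%20track.mp3
udp://@239.255.0.2:5004/%2508x
"""


def find_specifiers(text):
    """Return every printf-style conversion specification found in text."""
    return [m.group(0) for m in PRINTF_SPEC.finditer(text)]


def scan_m3u(playlist_text):
    """Return (line_number, uri, specifiers) for each suspicious udp:// entry."""
    findings = []
    for lineno, raw in enumerate(playlist_text.splitlines(), 1):
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue  # blank line or #EXTM3U / #EXTINF directive
        if not entry.lower().startswith("udp://"):
            continue  # the advisory concerns udp:// URIs only
        specs = find_specifiers(entry)
        # Percent-encoding can hide a '%' as %25, so also check the decoded
        # form. Encoded bytes can look like width fields; for udp:// entries
        # the check is deliberately conservative and reports both readings.
        decoded = unquote(entry)
        if decoded != entry:
            specs += [s for s in find_specifiers(decoded) if s not in specs]
        if specs:
            findings.append((lineno, entry, specs))
    return findings


if __name__ == "__main__":
    for lineno, uri, specs in scan_m3u(SAMPLE_M3U):
        print(f"line {lineno}: {uri!r} contains {specs}")
```
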

