VLC is a popular media player among BitTorrent users, not just because it is free but also because it includes a huge number of video codecs, so it can play virtually every video file available. Unfortunately, the latest versions of VLC have a security flaw, according to a report from Luigi Auriemma. The vulnerability can be exploited to compromise a user’s system, as it leaves it wide open for a malicious user to run arbitrary code.
The problem occurs when someone loads a subtitle file, which causes a buffer overflow that can be exploited. The security flaw is platform independent, which means it affects Windows, Mac and Linux users.
Initially it was reported that the flaws in version 0.8.6d were fixed in the latest release, but this turns out not to be the case. Auriemma writes: “The old buffer-overflow in the subtitles handled by VLC has not been fully patched in version 0.8.6e.”
“The funny thing is that my old proof-of-concept was built just to test this specific buffer-overflow and in fact it works on the new VLC version too without modifications,” he adds.
For now, the only solutions are not to run any subtitle files, or to grab one of the nightly builds. The downside is, however, that these might not be as stable as the regular releases.