VLC player vulnerability allows hackers to execute arbitrary code

The VideoLAN project is a community of non-profit developers who create open-source multimedia tools. The VLC player is one of the most well-known results of this project, and acts as a cross-platform multimedia player and framework that plays most multimedia files as well as DVDs, Audio CDs, VCDs, and various streaming protocols.

A Turkish hacker has revealed two zero-day vulnerabilities in library code used by the popular VLC media player and others.

The data execution prevention (CVE-2014-9597) and write access (CVE-2014-9598) violation vulnerabilities could lead to arbitrary code execution, researcher Veysel Hatas said in a post.

“VLC Media Player contains a flaw that is triggered as user-supplied input is not properly sanitised when handling a specially crafted FLV” or M2V file, Hatas said.

“This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.”

The bugs are apparently present in version 2.1.5 of VLC, tested on Windows XP SP3, a version of Windows that Microsoft no longer supports. Neither of the vulnerabilities has been addressed, despite being reported to the VideoLAN project on 26 December.

3 thoughts on “VLC player vulnerability allows hackers to execute arbitrary code”

  • April 20, 2015 at 5:21 pm
    The word “hata” means error

    • April 20, 2015 at 5:22 pm
      Oops, sorry, I didn't see it was the guy's name

  • January 21, 2015 at 4:29 pm
    How to bypass Cyberoam.
    Please give me suggestions.
