VLC player vulnerability allows hackers to execute arbitrary code

VLC player vulnerability allows hackers to execute arbitrary code

VLC player vulnerability allows hackers to execute arbitrary code.

The VideoLAN project is a community of non-profit developers who create open-source multimedia tools. The VLC player is one of the most well-known results of this project, and acts as a cross-platform multimedia player and framework that plays most multimedia files as well as DVDs, Audio CDs, VCDs, and various streaming protocols.

A Turkish hacker has revealed two zero-day vulnerabilities in library code used by the popular VLC media player and others.

The data execution prevention (CVE-2014-9597) and write access (CVE-2014-9598) violation vulnerabilities could lead to arbitrary code execution, researcher Veysel Hatas said in a post.

“VLC Media Player contains a flaw that is triggered as user-supplied input is not properly sanitised when handling a specially crafted FLV” or M2V file, Hatas said.

“This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.”

The bugs are apparently present in version 2.1.5 of VLC, tested on Windows XP SP3. Microsoft no longer supports this version. Neither of the vulnerabilities have been addressed, despite being reported to the VideoLAN project on 26 December.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients

3 comments

Leonardo April 20, 2015 - 5:21 pm
The word "hata" means error
Leonardo April 20, 2015 - 5:22 pm
oops sorry i didnt saw it was guys name
Himmat January 21, 2015 - 4:29 pm
How to bypass cyberoam. Pls give me suggestions.

Comments are closed.

Add Comment