VLC player vulnerability allows hackers to execute arbitrary code

VLC player vulnerability allows hackers to execute arbitrary code

VLC player vulnerability allows hackers to execute arbitrary code.

The VideoLAN project is a community of non-profit developers who create open-source multimedia tools. The VLC player is one of the most well-known results of this project, and acts as a cross-platform multimedia player and framework that plays most multimedia files as well as DVDs, Audio CDs, VCDs, and various streaming protocols.

A Turkish hacker has revealed two zero-day vulnerabilities in library code used by the popular VLC media player and others.

The data execution prevention (CVE-2014-9597) and write access (CVE-2014-9598) violation vulnerabilities could lead to arbitrary code execution, researcher Veysel Hatas said in a post.

“VLC Media Player contains a flaw that is triggered as user-supplied input is not properly sanitised when handling a specially crafted FLV” or M2V file, Hatas said.

“This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.”

The bugs are apparently present in version 2.1.5 of VLC, tested on Windows XP SP3. Microsoft no longer supports this version. Neither of the vulnerabilities have been addressed, despite being reported to the VideoLAN project on 26 December.

Related posts

Apple Addressed Two Zero-Day Flaws In Intel-based Macs

Really Simple Security Plugin Flaw Risks 4+ Million WordPress Websites

Glove Stealer Emerges A New Malware Threat For Browsers

3 comments

Leonardo April 20, 2015 - 5:21 pm
The word "hata" means error
Leonardo April 20, 2015 - 5:22 pm
oops sorry i didnt saw it was guys name
Himmat January 21, 2015 - 4:29 pm
How to bypass cyberoam. Pls give me suggestions.

Comments are closed.

Add Comment