Your Ad Here Your Ad Here
Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: "VLC Player Vulnerable to Remote Hijack"

  1. #1
    Jdsnut's Avatar Poster BT Rep: +1
    Join Date
    Dec 2007
    Location
    A box
    Posts
    89
    VLC is a fully used player because of it massive amounts of codecs, and the new version has a major security flaw.
    The problem can be exploited to a point where it compromises a person system,
    as it leaves it wide open for a malicious user to run arbitrary code.
    Version 0.8.6d was supposedly fix but for some reason it passed testing even though the patch didn't work.
    I'm kinda glad I removed it when I did.





    Homepage: http://torrentfreak.com/vlc-player-v...hijack-080318/

  2. News (Archive)   -   #2
    Skiz's Avatar (_8(I)
    Join Date
    May 2003
    Location
    CO
    Age
    40
    Posts
    29,631
    I still won't remove it.

    If some loser wants to run an "arbitrary code" on my computer, they're probably smart enough to do it without the help of some VLC flaw.

    It also states that the vulnerability is only when running a subtitle file which I never do and can't see doing in the near future.



    ΜΟΛΩΝ ΛΑΒΕ
    The FST Last.fm group

  3. News (Archive)   -   #3
    akenat0n's Avatar Member
    Join Date
    Mar 2008
    Location
    Argentina
    Posts
    16
    The 0.8.6e is out and I think it's somewhat fixed, however, Secunia says "Do not process untrusted subtitles using VLC."

    Who opens unknowns files?

  4. News (Archive)   -   #4
    Enlightened's Avatar BT God BT Rep: +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100
    Join Date
    Feb 2007
    Location
    Northern Cali
    Posts
    3,699
    VLC Player Vulnerable to Remote Hijack

    Posted on 19.03.2008 at 02:13 in Tech News by Kennii
    VLC Player, one of the best and most widely used media players has found to be vulnerable to a remote hijack. The reported vulnerability makes it possible for a malicious user to run arbitrary code, potentially taking remote control of the host machine.
    VLC is a popular media player among BitTorrent users. Not just for the fact that it is free, also because it includes a huge number of the video codecs, so it can play virtually every video file available. Unfortunately, the latest versions of VLC have a security flaw according to a report from Luigi Auriemma. The vulnerability can be exploited to compromise a user’s system, as it leaves it wide open for a malicious user to run arbitrary code.
    The problem occurs when a someone loads a subtitle file, which causes a buffer overflow that can be exploited. The security flaw is platform independent, which means it affects Windows, Mac and Linux users.
    Initially it was reported that the flaws in version 0.8.6d were fixed in the latest release, but this turns out not to be the case. Auriemma writes: “The old buffer-overflow in the subtitles handled by VLC has not been fully patched in version 0.8.6e.”
    “The funny thing is that my old proof-of-concept was built just to test this specific buffer-overflow and in fact it works on the new VLC version too without modifications,” he adds.
    For now, the only solutions are not to run any subtitle files, or to grab one of the nightly builds. The downside is, however, that these might not be as stable as the regular releases.

  5. News (Archive)   -   #5

  6. News (Archive)   -   #6
    Poster BT Rep: +85BT Rep +85BT Rep +85BT Rep +85BT Rep +85BT Rep +85BT Rep +85BT Rep +85BT Rep +85BT Rep +85BT Rep +85BT Rep +85BT Rep +85BT Rep +85BT Rep +85BT Rep +85BT Rep +85
    Join Date
    Jan 2008
    Location
    Atlanta, GA
    Posts
    341
    So, does that mean we'll be safe as long as we don't play any title with subtitle / captions...?

  7. News (Archive)   -   #7
    Enlightened's Avatar BT God BT Rep: +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100
    Join Date
    Feb 2007
    Location
    Northern Cali
    Posts
    3,699
    Quote Originally Posted by amade View Post
    So, does that mean we'll be safe as long as we don't play any title with subtitle / captions...?
    Yes....

  8. News (Archive)   -   #8
    twat BT Rep: +35BT Rep +35BT Rep +35BT Rep +35BT Rep +35BT Rep +35BT Rep +35
    Join Date
    Nov 2007
    Posts
    3,137
    A simple answer i don`t use VLC.. BSplayer runz the show around movies


  9. News (Archive)   -   #9
    Poster BT Rep: +85BT Rep +85BT Rep +85BT Rep +85BT Rep +85BT Rep +85BT Rep +85BT Rep +85BT Rep +85BT Rep +85BT Rep +85BT Rep +85BT Rep +85BT Rep +85BT Rep +85BT Rep +85BT Rep +85
    Join Date
    Jan 2008
    Location
    Atlanta, GA
    Posts
    341
    Quote Originally Posted by Enlightened View Post
    Quote Originally Posted by amade View Post
    So, does that mean we'll be safe as long as we don't play any title with subtitle / captions...?
    Yes....
    Thx for the quick response. Now I'm relieved

  10. News (Archive)   -   #10
    Disme's Avatar I'm Belgian BT Rep: +7BT Rep +7
    Join Date
    Dec 2006
    Posts
    2,623
    Hmmm ... little confused here. If you are behind a router with firewall and you have a decent AV and you have a software firewall and some other crap that keeps track of things that happen on your box. How can someone come into your PC and execute some kind of code???

    Doesn't this implies someone has ta have the possibility to get into your PC first to execute the code???

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •