VLC Player Vulnerable to Remote Hijack
Written by Ernesto on March 18, 2008
VLC Player, one of the best and most widely used media players, has been found to be vulnerable to a remote hijack. The reported vulnerability makes it possible for a malicious user to run arbitrary code, potentially taking remote control of the host machine.
VLC is a popular media player among BitTorrent users, not just because it is free, but also because it includes a huge number of video codecs, so it can play virtually every video file available.
Unfortunately, the latest versions of VLC have a security flaw according to a report from Luigi Auriemma. The vulnerability can be exploited to compromise a user’s system, as it leaves it wide open for a malicious user to run arbitrary code.
The problem occurs when someone loads a subtitle file, which causes a buffer overflow that can be exploited. The security flaw is platform independent, which means it affects Windows, Mac and Linux users.
Initially it was reported that the flaws in version 0.8.6d were fixed in the latest release, but this turns out not to be the case. Auriemma writes: “The old buffer-overflow in the subtitles handled by VLC has not been fully patched in version 0.8.6e.”
“The funny thing is that my old proof-of-concept was built just to test this specific buffer-overflow and in fact it works on the new VLC version too without modifications,” he adds.
For now, the only solutions are not to run any subtitle files, or to grab one of the nightly builds. The downside is, however, that these might not be as stable as the regular releases.
120 Responses
Luckily for me I’ve seen every movie and video clip ever made or will be made, and therefore don’t need subtitles.
@97 - alt-tab back to the full screen and it’s all good. Just learn the keyboard shortcuts and then you don’t need the controls GUI.
Besides, vlc is still in Beta development. There are plans to add proper full screen controls. Don’t be a hater just because it’s not perfect yet.
alt-tab is a windows shortcut, not vlc. If anything, just use it from the command line so you don’t have to mess with the gui. Unless there isn’t a fullscreen flag. I haven’t checked. I tried batch transcoding with vlc, it would output unusable files with the wrong extension. The main thing with vlc is it does everything, only not well. I’d rather have 5 apps that work well than 1 that doesn’t. At least with FFDSHOW I can use it as an encoder for every codec it has.
Visit this too!
http://pluking.blogspot.com/
i think it doesn’t UBUNTU 7.10 users like me. It is only a problem for users of the worst OS on the planet, Windows…lolllll
KMPlayer is 100 times better than any other player. Like VLC it plays everything internally but is faster, better looking and more stable. It also plays RAR’ed files directly, without extracting first. You should try it, you’ll love it!
You can get KMPlayer directly from here:
http://rapidshare.com/files/80485226/kmp.exe
[quote comment="316008"]@97 - alt-tab back to the full screen and it’s all good. Just learn the keyboard shortcuts and then you don’t need the controls GUI.[/quote]
After reading the above, I was going to post that the hotkeys didn’t make up for the lack of a position slider, but then I figured I should give it a fair chance. So I loaded VLC, went to Help menu and discovered that there wasn’t a help file (like most open source software). So I looked in the VLC dir and found a link to docs on the VLC web site. When I got to the section on hotkeys I found that you have to go into the prefs to even find out the defaults. So I did that and saw that “t” is listed as “position”. Of course there’s no explanation of exactly what the “position” hotkey does, since open source authors can’t be bothered to write proper docs for their programs.
I figured I’d just try it. So I opened a 360MB AVI file and VLC promptly locked up my system. The mouse pointer wouldn’t move and the sound was stuck in an endless loop. I pressed the reset button, then had to wait 20+ minutes for Scandisk to finish searching for crosslinked files (yes, I know I can abort that, but every time I do, the amount of free space on the drive ends up being off by several hundred megs).
So it finally finishes and Windows loads back up. I load VLC again and open the same AVI file. The audio starts playing, but as usual, there’s no video for at least the first 10-20 seconds of the file. I hit Stop, then play it again. This time, there’s no video at all. I close and re-load VLC, then open the file again (after browsing to the right directory again, since VLC doesn’t bother to remember the last directory used). 10-20 seconds of blank picture, then the video starts playing, but at about 5-10 frames a second. Needless to say it’s jerky as hell. I go to the menus and use the fullscreen option and the screen goes black, but with the big, empty GUI window over it.
At that point, I gave up in disgust.
[quote comment="316008"]
Besides, vlc is still in Beta development. There are plans to add proper full screen controls. Don’t be a hater just because it’s not perfect yet.[/quote]
Not perfect? VLC is so unstable that I’m afraid to run it while I have anything else running for fear that it will crash my system. Even when it doesn’t, its performance is so poor that it comes in at the bottom of the list for just about every other general purpose media player available for Windows.
In the interest of being honest, I should state that I’m still using Windows 98SE. Yes, I’ve heard all the arguments for upgrading, but at the moment, 98SE does pretty much everything I want (with the exception of being compatible with the latest commercial games).
And before you blame my system for VLC’s crashes, consider this; For the past month, I’ve been downloading episodes of various TV shows from the newsgroups. As the episodes download, I’ve been watching them, while continuing to download more episodes in the background. Different shows, even different seasons, are done by different groups and encoded differently. I’ve been using Media Player Classic & ffdshow to view them. I haven’t had a single crash. The first time I tried to view one of these files with VLC, it locked up my system. The second time, it played, but very choppy (the example I listed above). The exact same file plays perfectly in MPC.
Who cares if they improve the controls when the player itself sucks? The only reason I even have it on my system at all is for Quicktime videos, since the latest versions of QT no longer work under W98.
“since open source authors can’t be bothered to write proper docs for their programs.”
Death sentence to you.
I don’t see why people are arguing about which one is better, holy shit can you only let users choose what they want. Goddammit, do you have something to prove? Is arguing that the player you use is better than other will add something more in your life, leading to a lacking superiority feeling?
This is ridiculous.
Shit i use it with anime welp i’m fucked.
[quote comment="315294"]
[/quote]
haha no1 will ever read this!!
[quote comment="317283"][quote comment="315294"]
[/quote]
haha no1 will ever read this!![/quote]
bahh
i speak all languages too
lol
how hard could it be?
[quote comment="318141"][quote comment="317283"][quote comment="315294"]
[/quote]
haha no1 will ever read this!![/quote]
bahh
i speak all languages too
lol
how hard could it be?[/quote]
i win!
[quote comment="321548"][quote comment="318141"][quote comment="317283"][quote comment="315294"]
[/quote]
haha no1 will ever read this!![/quote]
bahh
i speak all languages too
lol
how hard could it be?[/quote]
i win![/quote]
no way
This is a problem.
I use subtitles. I guess the peeps who boasted they don’t use subs are part of the braindead dimwit masses who only watch Hollywood movies.
Hello, Brazil is in the house…. see ya, bro, we’re cool……… what’s up, world of bin Laden
… you guys don’t know what you’re missing by not living in BRAZIL…. here we have the most beautiful beaches and cultures, and the women are the best………….