VLC Player Vulnerable to Remote Hijack
Written by Ernesto on March 18, 2008VLC Player, one of the best and most widely used media players has found to be vulnerable to a remote hijack. The reported vulnerability makes it possible for a malicious user to run arbitrary code, potentially taking remote control of the host machine.
VLC is a popular media player among BitTorrent users. Not just for the fact that it is free, also because it includes a huge number of the video codecs, so it can play virtually every video file available.
Unfortunately, the latest versions of VLC have a security flaw according to a report from Luigi Auriemma. The vulnerability can be exploited to compromise a user’s system, as it leaves it wide open for a malicious user to run arbitrary code.
The problem occurs when a someone loads a subtitle file, which causes a buffer overflow that can be exploited. The security flaw is platform independent, which means it affects Windows, Mac and Linux users.
Initially it was reported that the flaws in version 0.8.6d were fixed in the latest release, but this turns out not to be the case. Auriemma writes: “The old buffer-overflow in the subtitles handled by VLC has not been fully patched in version 0.8.6e.”
“The funny thing is that my old proof-of-concept was built just to test this specific buffer-overflow and in fact it works on the new VLC version too without modifications,” he adds.
For now, the only solutions are not to run any subtitle files, or to grab one of the nightly builds. The downside is, however, that these might not be as stable as the regular releases.
Previously: Most Popular DVDrips on BitTorrent (wk11)
Next: CBC To Release TV-Show via BitTorrent, For Free
120 Responses (Add yours or TrackBack)
Pages: [1] 2 3 4 5 » Show All
Oh dear, glad I don’t use subtitles!
VLC does really rock!
ha. glad i dont use VLC
CCCP+MPC is far superior to VLC
VLC is le hardcore
Agreed with post #3.
vlc sucks at rendering subtitles anyway. Just use mpc and combined community codec pack on windows and mplayer on mac if you want decent subs.
I dont need subs, I just watch the raw.
Good that VLC is free software so that people can take care of it. A flaw in a proprietary piece of software would probably be swept under the rug because it would interfere with marketing. Or worse, it could intentionally be used to exploit users.
Never use subtitles so. pfft.
Luckily for me I speak every language in the world, including dead ones, and therefore don’t need subtitles.
KMPlayer is superior to everything and it looks good unlike VLC
FREE WHAT.CD INVITES
irc.what.cd #what.cd-invites
[quote comment="314040"]Luckily for me I speak every language in the world, including dead ones, and therefore don’t need subtitles.[/quote]
البريّة في العالم، وتقطن الببور الغابات أو الأراضي العشبيّة حيث يساعدها فراؤها المخطط على التموّه بشكلٍ كبير وبالتالي اصطياد فرائس تكون في العادة أكثر رشاقة وسرعةً منها. تحب الببور أن تنزل في الماء بشكلٍ مستمر في الأيام الحارّة، لكنها على عك
u feel me ?
MPC+CCCP. Fuck VLC and its propriatary codecs.
VLC has propriatary codecs? What are you smoking? I don’t have any respect for people who use anything but MPlayer. MPlayer kills them all and lets god sort ‘em out.
[quote comment="314040"]Luckily for me I speak every language in the world, including dead ones, and therefore don’t need subtitles.[/quote]
Da, debilu, ako razumiješ hrvatski, vjerojatno ćeš odgovorit na ovaj post.
Bastardo, se capisci cosa ho scritto, mi risponderai su questo post.
Kurba ena ameriška, ko veš slovenski, tajsti post ti ne bu všeč.
Dont’let me keep going on and on… ;-)
Windows = CCCP
Everything else = MPlayer
On Mac there is no other player worth using. PC VLC kinda sucks but I use it because I am use to VLC on mac.
I would have to say the most users do not use the subtitle function. I have only used it with dotHACK.
[quote comment="314068"]VLC has propriatary codecs? What are you smoking? I don’t have any respect for people who use anything but MPlayer. MPlayer kills them all and lets god sort ‘em out.[/quote]
Yes. Unlike ffdshow for example, you cannot use VLC’s codecs with any other application except VLC, proprietary. VLC is for idiots that dont know or dont care what codecs they need so use VLC which uses its own libcodecs which are useless if ever you need to do anything outside of VLC, and you’d need to find the ones you needed anyway, like FLAC, XviD or Divx. And its pretty useless with HD content like AVC and TS.
פּשּׂﭯצּﬠ פּטּשּﬠלּ ﭱﭬﭰ ?
[quote]MPC+CCCP. Fuck VLC and its propriatary codecs.[/quote]
Are you stupid? VLC uses libavcodec, from the ffmpeg project (mplayer uses this too). It’s completely free and open source.
[quote]Yes. Unlike ffdshow for example, you cannot use VLC’s codecs with any other application except VLC, proprietary. VLC is for idiots that dont know or dont care what codecs they need so use VLC which uses its own libcodecs which are useless if ever you need to do anything outside of VLC, and you’d need to find the ones you needed anyway, like FLAC, XviD or Divx. And its pretty useless with HD content like AVC and TS.[/quote]
XD
Read what I said above about VLC using libavcodec, from the ffmpeg probject.
Guess what?
Ffdshow does too!
Just because something is not a directshow filter (like ffdshow is, allowing you to use it on all directshow players like windows media player and mpc) doesn’t mean it is proprietary.
CCCP is a joke. VLC works just fine(especially for linux). There are better stuff out than CCCP like KMP.
http://img215.imageshack.us/img215/9202/1201470301470tt2.jpg
http://img215.imageshack.us/img215/9202/1201470301470tt2.jpg
Can its codecs be used with any other application? No, they are exclusivly for VLC. Exclusive use = proprietary. Try reading a fucking dictionary. That has nothing to do with wether the components are open sourced or not, they are specificaly coded for VLC.
Pages: [1] 2 3 4 5 » Show All
Add your response