Security Flaw Found in VLC Media Player 2.0.5 & Earlier

VideoLAN is advising VLC media player users not to open files from untrusted third parties following the discovery of a vulnerability in the ASF demuxer of VLC media player versions 2.0.5 and earlier.

According to the security advisory posted on the VideoLAN website, a buffer overflow might occur when parsing a specially crafted ASF movie, which could allow an attacker to trigger an invalid memory access and crash VLC media player.

The advisory also warns that this vulnerability could potentially be used by attackers to execute arbitrary code “within the content of the application,” although that scenario has not been confirmed.

VideoLAN states that this vulnerability will be patched in version 2.0.6, but it’s unclear when it will be released. The advisory hinted at a January release, but only 2.0.5 remains available to download.

In the meantime, users can protect themselves by:

  • Only opening or accessing files that come from trusted sources.
  • Disabling VLC browser plugins until the patch is applied.
  • Manually removing the ASF demuxer (libasf_plugin.*) from the VLC plugin installation directory to prevent ASF movie playback.
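
The third mitigation above, as an added shell example (not from VideoLAN's advisory or the original post): it moves libasf_plugin.* out of the plugin tree into a quarantine directory so the file can be restored after upgrading. The plugin directory is an assumption passed as an argument, since its location differs per platform and install.

```shell
#!/bin/sh
# Added example: reversibly disable VLC's ASF demuxer.
# Usage: sh disable_asf.sh PLUGIN_DIR QUARANTINE_DIR
# PLUGIN_DIR is an assumption; look up where your VLC install keeps its plugins.

# List every ASF demuxer file under a plugin directory (plugins may sit in subdirectories).
find_asf_demuxer() {
    find "$1" -type f -name 'libasf_plugin.*' 2>/dev/null
}

# Return 0 if the ASF demuxer is still installed under the directory.
asf_demuxer_present() {
    [ -n "$(find_asf_demuxer "$1")" ]
}

# Move the demuxer to a directory outside the plugin tree.
# Returns 0 on success, 1 if there was nothing to move, 2 on error.
quarantine_asf_demuxer() {
    plugin_dir=$1
    quarantine_dir=$2
    [ -d "$plugin_dir" ] || { echo "no such plugin directory: $plugin_dir" >&2; return 2; }
    # A quarantine directory inside the plugin tree would leave the file where VLC scans.
    case "$quarantine_dir" in
        "$plugin_dir"|"$plugin_dir"/*)
            echo "quarantine directory must be outside the plugin tree" >&2; return 2 ;;
    esac
    count=$(find_asf_demuxer "$plugin_dir" | wc -l | tr -d ' ')
    [ "$count" -gt 0 ] || { echo "ASF demuxer not found under $plugin_dir"; return 1; }
    mkdir -p "$quarantine_dir" || return 2
    find "$plugin_dir" -type f -name 'libasf_plugin.*' \
        -exec mv -- {} "$quarantine_dir"/ \; || return 2
    # Verify the mitigation took effect before reporting success.
    if asf_demuxer_present "$plugin_dir"; then
        echo "ASF demuxer still present under $plugin_dir" >&2; return 2
    fi
    echo "moved $count file(s) to $quarantine_dir"
}

# Run only when both arguments are supplied.
if [ "$#" -eq 2 ]; then
    quarantine_asf_demuxer "$1" "$2"
fi
```

To restore ASF playback after upgrading to a patched release, move the file back from the quarantine directory or reinstall VLC.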


© 2014 Hyphenet, Inc.