In association with heise online

26 June 2009, 13:39

Hole in VLC Media Player

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

According to security service provider Secunia, a vulnerability in the Windows version of the VLC media player can be exploited in order to compromise a system. An attack would require the attacker to get the victim to open a play list file with an overly long smb:// URI. The cause of the problem is a buffer overflow in the Win32AddConnection function in modules/access/smb.c

The error was discovered in version 0.9.9 of VLC, but is likely to exist in other versions. The VLC developers have fixed the problem in their Git repository, but describe the problem only as a denial of service vulnerability which crashes the player. Officially, only version 0.9.9 is available as source code and binary for Windows.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit