More critical security vulnerabilities in VLC media player
Two critical security holes have been discovered in the VLC media player, which is available for many operating systems, including Linux, Mac OS, and Windows. One of them has been known since this summer and can be exploited when VLC plays back data. The second hole allows attackers to take control of affected systems via VLC.
The first vulnerability is a buffer overflow that occurs in the handling of subtitles. The program's developers were made aware of the problem at the end of June and corrected it shortly afterwards in the developers' source code repository. It turns out, however, that although the corrected development line is included in newer versions, the fix did not make it into the 0.8.6 development code. This is the development code on which all of the versions released in the past few months are based. As a result, security update 0.8.6d, released at the beginning of the month, does not contain this correction.
According to the security advisory, the cause of the second vulnerability lies in the standard settings of the mini web server that allows VLC to be controlled from another computer's web browser. The format string code in the web interface that checks the transmission parameters passes the data sent by the client to another function without sufficient inspection. As a result, malicious code can be written into memory and launched. Indeed, the server makes it even easier for attackers to exploit the vulnerability, because it sends information back to the client once this function has been executed.
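The class of flaw described above, client data reaching a formatting function as the format string, is sketched below from the defender's side. This is an added example, not VLC's code or code from the advisory; the function names `build_reply` and `count_conversions`, the `value=` reply layout and the sample parameters are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/*
 * Vulnerable pattern, shown only in this comment and never compiled:
 *     snprintf(reply, size, client_value);
 * The client's bytes are used as the format string, so conversion
 * specifications inside them are interpreted instead of echoed.
 */

/* Hardened form: constant format string, client value passed as data.
 * Returns 0 on success, -1 if the reply did not fit into the buffer. */
int build_reply(char *reply, size_t size, const char *client_value)
{
    int n = snprintf(reply, size, "value=%s", client_value);
    return (n < 0 || (size_t)n >= size) ? -1 : 0;
}

/* Logging/detection aid: count conversion specifications in untrusted
 * input. "%%" is a literal percent sign; a trailing '%' is ignored. */
int count_conversions(const char *s)
{
    int count = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%')
            continue;
        if (s[i + 1] == '%')
            i++;                /* skip the escaped percent sign */
        else if (s[i + 1] != '\0')
            count++;
    }
    return count;
}

int main(void)
{
    /* Constructed sample parameters, not taken from any advisory. */
    const char *samples[] = { "volume", "100%%", "%x.%x.%s" };
    char reply[64];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = build_reply(reply, sizeof reply, samples[i]);
        printf("rc=%d conversions=%d reply=[%s]\n",
               rc, count_conversions(samples[i]), reply);
    }
    return 0;
}
```

Compiling with `-Wformat -Wformat-security` makes GCC and Clang flag calls where a non-literal string is passed as the format argument.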
This flaw has been remedied in the VLC developers' source code repository. Unfortunately, no new version with the vulnerabilities remedied is available yet. At the moment, the developers are thinking about publishing version 0.8.6e at the beginning of January in order to solve yet another potential security issue.