New security hole in VLC video player
A new critical security hole has been found in the VLC player from the VideoLan project, while there is still no public fix for the previous security hole found two weeks ago. The new vulnerability has been found in the handling of
mmst:// URLs. If a user opens a URL of this form that points to an attacker's server, the server can deliver crafted data that will cause a buffer overflow on the heap, which could lead to remote code execution, according to a advisory note from Orange Bat.
In tests, heise Security found that both the Windows version, 0.8.6i, and Linux version, 0.8.6e, of VLC crashed when accessing a compromised stream, confirming the existence of the problem. VLC's developers were notified by third parties about the issue and a fix has been applied to the source code in the VLC version management system. There is no date though for an update to VLC to make the fix generally available.
- VLC 0.8.6i MMS Protocol Handling, advisory from Orange Bat