In association with heise online

05 December 2007, 15:01

Security update for VLC media player

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A new version of the VLC media player fixes a critical vulnerability in the Windows version located in the ActiveX control DLL (axvlc.dll) for Internet Explorer. Because of inadequate parameter checking, a malicious website could use the vulnerability to overwrite memory zones and execute arbitrary code.

Versions from 0.8.6 up to and including 0.8.6c are affected, although versions prior to 0.8.6 are not vulnerable. Version 0.8.6d fixes the bug and pre-compiled binaries are already available for download from the VLC website. Alternatively, users could switch to Mozilla-based browsers such as Firefox and Seamonkey and use the appropriate VLC plugin.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit