VLC Media Player 1.1.4 fixes Windows DLL vulnerability
Just one week after the 1.1.3 update was released, the VideoLAN Project developers have issued version 1.1.4 of their VLC Media Player, a free, open source, cross-platform multimedia player for various audio and video formats. The latest maintenance and security update includes various translation updates and several bug fixes, and addresses a Windows-only issue.
According to the developers, the 1.1.4 release addresses the DLL vulnerability on Windows systems that affects a wide variety of Windows-based programs. The problem is a programming error that can result in applications executing malicious code from specially crafted DLL files when, for example, a user opens a file on a network drive. Under certain circumstances, the installed application could subsequently load libraries containing malicious code from this network directory. All versions of VLC up to 1.1.3 are reportedly affected. At the time of this writing, the built-in update tool for users who already have VLC installed still shows version 1.1.3 as the latest release. The developers advise all users to upgrade as soon as possible.
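For hosts that cannot be upgraded immediately, the behaviour described above can be checked for in module-load records. The following Python sketch is an added example, not code from VideoLAN or from this article. The event tuples, the `example.dll` name, the trusted directory list and the mapped drive letter are constructed assumptions. It flags DLLs that a process loaded from a network location or from the directory of the file the user opened.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumed trusted library locations; adjust to the host under review.
TRUSTED_DIRS = (
    r"C:\Windows\System32",
    r"C:\Windows\SysWOW64",
    r"C:\Program Files\VideoLAN\VLC",
)

def norm(path):
    # Lower-case, backslash-separated, with "." and ".." resolved
    return ntpath.normcase(ntpath.normpath(path))

def under(path, directory):
    # The trailing separator stops "System32x" matching "System32"
    return norm(path).startswith(norm(directory) + "\\")

def on_network(path, mapped_drives):
    # UNC path, or a drive letter the caller knows is a network mapping
    p = norm(path)
    return p.startswith("\\\\") or p[:2] in {d.lower() for d in mapped_drives}

def suspicious_loads(events, mapped_drives=()):
    """events: (process, opened_file, loaded_module) tuples."""
    findings = []
    for process, opened_file, dll in events:
        if not norm(dll).endswith(".dll"):
            continue
        if any(under(dll, d) for d in TRUSTED_DIRS):
            continue
        reasons = []
        if on_network(dll, mapped_drives):
            reasons.append("network location")
        if ntpath.dirname(norm(dll)) == ntpath.dirname(norm(opened_file)):
            reasons.append("same directory as opened file")
        if reasons:
            findings.append((process, dll, reasons))
    return findings

# Constructed sample events, not taken from a real system
SAMPLE_EVENTS = [
    ("vlc.exe", r"\\fileserver\media\clip.avi", r"C:\Program Files\VideoLAN\VLC\libvlccore.dll"),
    ("vlc.exe", r"\\fileserver\media\clip.avi", r"\\fileserver\media\example.dll"),
    ("vlc.exe", r"Z:\share\movie.mkv", r"Z:\share\EXAMPLE.DLL"),
    ("vlc.exe", r"C:\Users\a\Videos\x.mp4", r"C:\Windows\System32\kernel32.dll"),
    ("vlc.exe", r"C:\Users\a\Downloads\x.mp4", r"C:\Users\a\Downloads\example.dll"),
]

if __name__ == "__main__":
    for proc, dll, why in suspicious_loads(SAMPLE_EVENTS, mapped_drives=("Z:",)):
        print(proc, dll, "; ".join(why))
```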
Further information can be found in the release announcement, in the change log and on the What's new in 1.1.4 page. VLC 1.1.4 is available to download from the project's home page and is released under version 2 of the GNU General Public License (GPLv2).
- DLL preloading vulnerability, security advisory from the VideoLAN Project.
- Scope of DLL security problem widens, a report from The H.