Threat Center Security News VLC Media Player Vulnerability
VLC Media Player Vulnerability Print E-mail
Written by Rebecca Mints   
Friday, 04 July 2008 05:19

A new vulnerability has been found in the popular VLC media player that could allow an attacker to gain control of someone's PC. The problem, which Secunia ranks as "highly critical," affects version 0.8.6h on Windows.


The flaw is an integer-overflow error, which can be exploited to cause a heap-based buffer overflow, a type of problem in how the program allocates memory. Secunia said it can be exploited by creating a specially-crafted ".WAV" sound file, which would the allow a hacker to run other code on the PC.


Secunia notified the VideoLAN project on June 30 and advised that until the update is released, users should be wary of untrusted ".WAV" files.




WTW Threat Level