![]() There is a reason that a number of issues have been found and a reason why a correct patch will take time to implement and test. ![]() Trowell noted that this could be accomplished with a phishing campaign, but “it seems like in most cases the video sent would be opened with the internet browser or the email client, not VLC. ![]() This attack can only be triggered with user interaction: the user has to either download a malicious file or open a stream that is streaming said files,” Trowell said.Īs a result, a malicious actor would be dependent on the user searching out and opening a corrupted file. “There are not a lot of people who are playing random videos they get off the internet as the root/admin user on their computers. Also, this attack doesn’t give an attacker any extra privileges. “It’s easy to make a corrupted stream, but the trick is getting a user to play it. Using the CVSS 2.0 scale, this vulnerability ranks as a 7.5,” Trowell said.īecause the user has to voluntarily interact with the attack mechanism, Trowell said the attacker can’t initiate. While the issue is serious, using the CVSS 3.0 standard to rate the severity of a vulnerability can be a bit misleading as issues tend to rank higher than in version 2. “There have been four recent vulnerabilities disclosed that are loosely related to the same area of code. This isn’t the only VLC issue disclosed this month, according to Larry Trowell, principal consultant at Synopsys. According to NIST’s National Vulnerability Database, the vulnerability CVE-2019-13615 in the media player “has a heap-based buffer over-read.” If exploited, an attacker could gain remote access and potentially disclose information, manipulate files or create a denial-of-service state. In general, VLC does not have a good reputation in the security industry as they regularly will leave vulnerable pre-compiled executables for download despite having patched them in the latest source code," said Craig Young, computer security researcher for Tripwire’s vulnerability and exposure research team (VERT). “Video players are a frequent target for file format exploits due to the inherent complexity of parsing multimedia files.” I absolutely would not recommend that anyone access untrusted content with VLC due to the high risk of memory corruption vulnerabilities. ![]() “This is just one in a long and constant stream of flaws in VLC. It gives users more flexibility and format support than most other players and stays on the cutting edge in terms of features.The latest edition of nonprofit VideoLAN’s VLC media player software has what Germany agency CERT-Bund is calling a serious security flaw that allows hackers to install and run software without user knowledge, according to NewsX. VLC Media Player (64-bit) has consistently been one of the most popular video players for years, and that isn't changing anytime soon. The standard version of the program covers most of the bases you need, though. The app supports extensions and add-ons from all over the Web if you can find them. ![]() It even lets you create playlists on the fly and edit them from inside the app. VLC Media Player (64-bit) lets you add audio and video effects as you're watching a video for extra fun - and supports more playlist formats for easy, hands-free viewing. It gives you plenty of screen real estate by placing all of the buttons on its menu at the bottom and making them small enough to be ignored. The basic version of the program is anything but, featuring playlist and streaming support in addition to the ability to play just about any video on your PC. In addition to being a universal media player, this app is open source, which means you can find people who create new add-ons and builds for it, as well as create your own version. It's more than enough to be the only video player you'll ever need on your computer. There aren't many videos this app can't play and play amazingly well. VLC Media Player (64-bit) is a favorite of many video watchers thanks to abundant format support, style, and customization options. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |