anuseems Posted February 6, 2013

VLC Player 2.0.5 and earlier versions are affected by a critical vulnerability; to address this, VideoLAN is likely to release version 2.0.6 any time soon.

If you're using VLC media player 2.0.5 or an earlier version, you're advised not to open files from untrusted sources, as these versions are affected by a vulnerability that has been rated as critical.

According to the security advisory released by VideoLAN on their site, a buffer overflow could occur while processing a malicious ASF file; when that happens, a malicious third party could trigger an invalid memory access, leading to a crash of the VLC media player's process. In some cases attackers might exploit this issue to execute arbitrary code within the context of the application, but this information is not confirmed.

Exploitation happens only if the user opens that specially created ASF file, which is unlikely to happen from the user's hard drive, but this is possible in browsers on the web with the VLC browser plugin, where a malicious website is able to auto-play the ASF file.

VLC has included the patch for this vulnerability in VLC 2.0.6, which is currently under testing and available as nightly builds for the Windows and Linux platforms; you can expect the release of VLC player 2.0.6 any time soon.

VideoLAN is currently suggesting that users follow the workarounds mentioned below to avoid this until VLC 2.0.6 is released.

#I

1. Users should not open files from untrusted sources, and they shouldn't access remote sites.
2. Disable the VLC plugin in the browser. You can do that in Firefox via Tools > Add-ons: select Plugins and click the Disable button under VLC web plugin. Similarly, disable the VLC plugin for the Chrome and Opera browsers separately by visiting the about:plugins page.

#II

Or the user can remove the ASF demuxer from the VLC plugin installation directory, which prevents the playback of ASF movies. For this, navigate to C:\Program Files\VideoLAN\VLC\plugins, then find and delete libasf_plugin.dll.

@ http://www.videolan.org/security/sa1302.html
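The second workaround from the post above, written as a PowerShell check; this is an added example, not part of the original post or of VideoLAN's advisory. It assumes the install path quoted in the post and treats 2.0.6 as the first fixed release, and it moves the demuxer to a hypothetical `disabled-plugins` folder rather than deleting it, so the change can be undone after upgrading.

```powershell
# Added example: check a Windows host for the VLC ASF demuxer workaround.
# Assumed: install path from the post; 2.0.6 is the first fixed release.
param(
    [string]$VlcDir = 'C:\Program Files\VideoLAN\VLC',
    [switch]$Disable   # move the demuxer out instead of only reporting
)

$exe = Join-Path $VlcDir 'vlc.exe'
if (-not (Test-Path -LiteralPath $exe)) {
    Write-Warning "vlc.exe not found under $VlcDir"
    return
}

# Build the version from the numeric fields of the version resource,
# which avoids parsing its free-form string representation.
$vi  = (Get-Item -LiteralPath $exe).VersionInfo
$ver = New-Object System.Version $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart
$affected = $ver -lt [version]'2.0.6'

# The post says to "find" the DLL under plugins, so search subfolders too.
$plugins = Join-Path $VlcDir 'plugins'
$asf = @(Get-ChildItem -LiteralPath $plugins -Recurse -Filter 'libasf_plugin.dll' -ErrorAction SilentlyContinue)

# Report object: one row per host when collected across machines.
[pscustomobject]@{
    Version           = $ver
    Affected          = $affected
    AsfDemuxerPresent = ($asf.Count -gt 0)
    Paths             = ($asf | ForEach-Object { $_.FullName })
}

if ($Disable -and $affected -and $asf.Count -gt 0) {
    # Hypothetical quarantine folder outside plugins\ (needs an elevated shell).
    $quarantine = Join-Path $VlcDir 'disabled-plugins'
    New-Item -ItemType Directory -Path $quarantine -Force | Out-Null
    foreach ($f in $asf) {
        Move-Item -LiteralPath $f.FullName -Destination $quarantine -Force
        Write-Output "Moved $($f.FullName) to $quarantine"
    }
}
```

Run without `-Disable` it only reports; the browser plugin from the first workaround is not touched and still has to be disabled in each browser.
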
DrKash Posted February 6, 2013

Thank you
Archived
This topic is now archived and is closed to further replies.