Secunia Advisory: SA25753
Release Date: 2007-06-20
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: VLC media player 0.x
Description:
Some vulnerabilities have been reported in VLC Media Player, which can be exploited by malicious people to compromise a user's system.
The vulnerabilities are caused by format string errors in the Ogg/Vorbis, Ogg/Theora, CDDA (CD Digital Audio), and SAP (Service Announce Protocol) plugins. These can be exploited to execute arbitrary code via a specially crafted .ogg (Vorbis) file, .ogm (Theora) file, CDDB entry, or SAP/SDP message.
The vulnerabilities are reported in versions 0.8.6b and prior.
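The bug class named above, as an added illustration in generic C (not VLC's code and not part of the advisory; all function names are hypothetical): an untrusted metadata field passed as data to a constant format string, the defective form kept behind a macro for contrast, and a small triage check that counts format directives in a field.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy an untrusted metadata field (e.g. a stream
 * comment or a CDDB title) into a display buffer. The format string is a
 * constant and the untrusted text is passed only as an argument. */
int render_field_safe(char *out, size_t n, const char *untrusted)
{
    return snprintf(out, n, "%s", untrusted);
}

#ifdef SHOW_VULNERABLE_PATTERN
/* The defect class: the untrusted text itself is used as the format string,
 * so any conversion specifiers in it are interpreted by snprintf.
 * Compiled only on request; -Wformat-security flags this call. */
int render_field_unsafe(char *out, size_t n, const char *untrusted)
{
    return snprintf(out, n, untrusted);
}
#endif

/* Triage aid: count '%' directives in a field ("%%" is an escaped percent).
 * A lone '%' in an ordinary title also counts, so treat hits as leads. */
int count_format_directives(const char *s)
{
    int count = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;            /* skip the escaped pair */
        else
            count++;
    }
    return count;
}

int main(void)
{
    const char *sample = "Track %x %x %n";   /* constructed input */
    char buf[64];
    render_field_safe(buf, sizeof buf, sample);
    printf("rendered: [%s] directives: %d\n", buf,
           count_format_directives(sample));
    return 0;
}
```

Building existing code with `-Wformat -Wformat-security` reports calls of the guarded form where the format argument is not a string literal.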
Solution:
Update to version 0.8.6c.
http://www.videolan.org/vlc/
The vendor also recommends removing or disabling the plugins if they are not used. Please see the vendor's advisory for details.
Secunia Bulletin