New critical vulnerability in VLC Media Player

Discussion in 'other security issues & news' started by ronjor, Jan 31, 2011.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
    The H Security
     
  2. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    OK, cheers for the info Ron.
     
  3. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    This is slightly more serious than all the other vulnerabilities I'd think, hopefully they push a fix soon.
     
  4. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    Seems serious enough. I'm waiting for 1.1.7. Meanwhile, I think these are useful:


    Source
     
  5. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Does EMET prevent this?
     
  6. prius04

    prius04 Registered Member

    Joined:
    Apr 14, 2007
    Posts:
    1,238
    Location:
    USA
    It's already fixed in the latest win32 branch build (1.1.7 - believe it involved one line of code or something):

    http://nightlies.videolan.org/build/win32/branch-20110201-0202/

    I grabbed it, installed, and haven't seen any anomalies.....yet. Regardless, they'll probably release the official 1.1.7 soon enough.
     
  7. prius04

    prius04 Registered Member

    Joined:
    Apr 14, 2007
    Posts:
    1,238
    Location:
    USA
  8. cm1971

    cm1971 Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    727
    I just installed 1.1.7. Thanks for the heads up.
     
  9. prius04

    prius04 Registered Member

    Joined:
    Apr 14, 2007
    Posts:
    1,238
    Location:
    USA
  10. katio

    katio Guest

    Looks like DEP alone is enough to prevent exploitation. At least that's the case with the metasploit module. Maybe this limitation could be overcome but I doubt a full emet bypass is possible, even if it is you won't see one any time soon (and by then everyone is patched anyway so why bother in the first place?)

    http://www.metasploit.com/modules/exploit/windows/fileformat/vlc_webm
     
Loading...
Thread Status:
Not open for further replies.