Vulnerabilities in VLC Player 3.0.11 Let Attackers Execute Code Remotely

VLC is a free and open-source cross-platform multimedia player and framework that plays most multimedia files as well as DVDs, Audio CDs, VCDs, and various streaming protocols without downloading any additional codecs.

VideoLAN announced that multiple vulnerabilities in the VLC media player are being fixed. Affected versions: VLC media player 3.0.11 and earlier.

The Impact of the Attack

In a successful attack, a remote user could create a specially crafted file that triggers various issues, in particular buffer overflows and invalid pointer dereferences.

In this scenario, a malicious third party could trigger either a crash of VLC or arbitrary code execution with the privileges of the target user.

The organization stated that these issues on their own are most likely to just crash the player, but they could be combined to leak user information or remotely execute code. ASLR and DEP help reduce the likelihood of code execution but may be bypassed.

“We…
