VLC Media Player Bug Bites at Apple

The second flaw warning in the Month of Apple Bugs project is for a remote code execution issue affecting the cross-platform VLC media player distributed by VideoLAN. A working exploit for the vulnerability, which follows yesterday's QuickTime security hole, has been released, alongside a warning that it targets a format string vulnerability in handling of the udp:// URL handler.

"By supplying a specially crafted string, a remote attacker could cause an arbitrary code execution condition, under the privileges of the user running VLC," said an advisory from LMH and Kevin Finisterre, the two hackers behind the project. The flaw and exploit were successfully tested on VLC version 0.8.6 for Mac OS X. David Maynor of Errata Security has confirmed that it also affects Windows users.

View: The full story
News source: eWeek

Report a problem with article
Next Article

MySQL on track with storage engine

Previous Article

Samsung begins sampling 50nm 16Gb NAND flash

7 Comments - Add comment

Advertisement