Malicious subtitle file could trip up VLC media player

Latest Published Articles

Interview: Kevin Wallace CCIEx2 #7945 (Routing/Switching and Voice) & CCSI (Instructor) #20061

Need for Speed – The Data Tsunami & Advancements in Networking. From FastEthernet 100Mbps to Wireless 17.6Tbps!

Secure CallManager Express Communications - Encrypted VoIP Sessions with SRTP and TLS

Cisco & CompTIA Certification Offer - Save 60% on Certification Video Training For CCNA Security, CCNP Voice, CompTIA Network+ and Security+

Cisco Catalyst 4500 Series Zero-Downtime IOS Upgrade Process for Supervisor Engine 7-E, 7L-E, 6L-E and V-10GE Redundant Configurations

Cisco 4507R+E Layer 3 Installation: Redundant WS-X45-SUP7L-E Supervisor Engines & WS-X4648-RJ45V+E Line Cards

Major Changes & Updates to the Cisco CCNA Exam

Interview: Vivek Tiwari CCIEx2 #18616 (CCIE Routing and Switching and Service Provider)

Comparing Cisco VPN Technologies – Policy Based vs Route Based VPNs

Unified Communications Components - Understanding Your True Unified Communications Needs

Cisco Press Discounts - Valentine's Day Special - Save 40%!!

Discover Features & Capabilities - Cisco Catalyst 3850 With Integrated Wireless LAN Controller (WLC)

Cisco VPN Client & Windows 8 (32bit & 64bit) - Reason 442: Failed To Enable Virtual Adaptor - How To Fix It

How to Restrict Cisco IOS Router VPN Client to Layer-4 (TCP, UDP) Services - Applying IP, TCP & UDP Access Lists

Configuring SPAN On Cisco Catalyst Switches - Monitor & Capture Network Traffic/Packets

Latest Forum Posts

Re: hi how to book online cisco lab

By: Nevins

Yesterday 00:12
hi how to book online cisco lab

By: mahatherjoy

Yesterday 00:12
Re: Plan for infrastructure

By: Arani

26 Apr 2013 17:35
Re: Remote Desktop connection in Windows 7

By: Arani

26 Apr 2013 17:28
Autobackup of Router Config file using SSH key

By: khandesha

25 Apr 2013 12:11
Plan for infrastructure

By: skylimit

26 Apr 2013 17:35
Re: cant remember my password and security quest

By: sose

18 Apr 2013 17:34
Fibre optics single core or two core for internet

By: SmartDude

16 Apr 2013 11:45
Re: Remote Desktop connection in Windows 7

By: Nevins

26 Apr 2013 17:28
Remote Desktop connection in Windows 7

By: truesdq

26 Apr 2013 17:28

Malicious subtitle file could trip up VLC media player

(0 votes, average 0 out of 5)

Thursday, 20 March 2008 13:00

A flaw in the widely-used open-source VLC media player could allow an attacker to execute harmful code on a PC. The problem stems from a buffer overflow that can occur when the player processes subtitle files used for movies, according to a security advisory.

The vulnerability existed before VLC was upgraded to version 0.8.6e in late February, but the bug appears to have escaped the last round of patches, wrote Luigi Auriemma in a note.

"The funny thing is that my old proof-of-concept was built just to test this specific buffer overflow, and in fact it works on the new VLC version too without modifications," Auriemma wrote.

Video files can contain a link to a separate subtitle file, which VLC automatically loads when it plays the video. An attacker could use the buffer overflow flaw in VLC to execute malicious code contained in a subtitle file, and thus tamper with a PC. The flaw affects VLC players running on Windows, Mac, BSD and possibly more operating systems, Auriemma wrote.

The VLC media player is part of the VideoLAN project. The player is free, and it is released under the GNU General Public License. VLC can also be used as a streaming media server for a variety of platforms.

Source: IDG News Service

37.3%		United States
16.8%		India
7.4%		United Kingdom
5.7%		Australia
4.3%		Canada
3.4%		Germany

Today:	4704
Yesterday:	8496
This Week:	28693
Last Week:	46096
This Month:	106102
Last Month:	236194
Total:	3366826

Recommendations

Hot Downloads

Official CiscoPress Reviewer

Firewall.cx Newsletter

Firewall.cx Forums

Facebook Fans

Social Media Channels

System Login

Recommended Downloads

More Articles

Who's Online

Statistics

Top Website Visitors

Popular Cisco Articles

Gold Cisco Lab Partners

Popular Linux Articles

Best Rated Content

Latest Published Articles

Latest Forum Posts

SIMILAR TOPICS THAT MIGHT INTEREST