Danish security company Secunia has found a flaw in the VLC Media Player that could allow an attacker to gain control of someone's PC.
The problem, which Secunia ranks as "highly critical," affects version 0.8.6h on Windows. Secunia said in an advisory that version 0.8.6i should be released soon.
The flaw is an integer overflow error, which can be exploited to cause a heap-based buffer overflow, a type of problem in how the program allocates memory. Secunia said it can be exploited by creating a specially-crafted ".WAV" sound file, which would the allow a hacker to run other code on the PC.
VLC Media Player is a free, open-source program released under the GNU General Public License by the VideoLAN project. The player can handle video files in MPEG-1, MPEG-2, MPEG-4, DivX, MP3 and OGG formats, among others.
The project also develops a streaming media server for several platforms. The VLC software has been download close to 90 million times, according to the project's Web site.
Secunia notified the VideoLAN project on June 30 and advised that until the update is released, users should be wary of untrusted ".WAV" files.
- Sponsored Resource:Are you ready for virtualization? Try the sever assessment tool.
- Sponsored Resource:Learn more about ultra light notebooks from Asus and the best warranty in the industry.
- Sponsored Resource:Thinking about a new Laptop? Lenovo has models to meet everyone's needs.
- Sponsored Resource:Get the truth about remanufactured ink. Learn more from HP.
- Sponsored Resource:Six smart ways to grow small business IT
News For Your Business
- Browser War Redux, Patch Time, IPod News
- Facebook Tests Icon to Identify Predators, Porn
- Survey: VARs Concerned About Cybersecurity, Health Care
- Spammers Use Free Web Services to Shield Links
- Phishing Attacks Get Personal
Community Comments