Real Geek Forums

Real Geek Forums (http://www.realgeek.com/forums/index.php)
-   Windows Vista Security (http://www.realgeek.com/forums/windows-vista-security-19/)
-   -   VLC Media Player Security Vulnerability (http://www.realgeek.com/forums/vlc-media-player-security-vulnerability-466624.html)

Cal Bear '66 12-25-2008 04:41 PM

VLC Media Player Security Vulnerability
 

Bonn, Germany - A security hole has been discovered in the VLC Media Player, the
German Federal Agency for Security in Information Technology (BSI) in Bonn
reported. Attackers can exploit this vulnerability using rigged Real Media files
(file ending with "rm") to install malicious software onto the user's computer.
The victim has just to open the manipulated multimedia file.

VLC Media Player versions prior to release 0.9.8 are affected, the BSI reports.
The software maker has fixed the problem for Version 0.9.8, but to date has only
made the source code available. All VLC Media Player users are advised to remove
the file libreal_plugin manually from the VLC plug-in installation directory.

http://www.earthtimes.org/articles/s...ia-player.html

Unfortunately, the latest version of VLC Media Player, the 0.9.8 has some severe
faults, so an upgrade seems not to be the answer.

http://forums.techarena.in/windows-software/1083470.htm


I Bleed Blue and Gold
GO BEARS!




Spirit 12-26-2008 05:42 AM

Re: VLC Media Player Security Vulnerability
 
This was fixed in 0.98a available at the website.

http://www.videolan.org/

"Cal Bear '66" <x1x1x1@x1x1x1.org> wrote in message
news:C3056A01-2A88-4C92-BE33-C2102EA7134E@microsoft.com...
Quote:

>
> Bonn, Germany - A security hole has been discovered in the VLC Media
> Player, the German Federal Agency for Security in Information Technology
> (BSI) in Bonn reported. Attackers can exploit this vulnerability using
> rigged Real Media files (file ending with "rm") to install malicious
> software onto the user's computer. The victim has just to open the
> manipulated multimedia file.
>
> VLC Media Player versions prior to release 0.9.8 are affected, the BSI
> reports. The software maker has fixed the problem for Version 0.9.8, but
> to date has only made the source code available. All VLC Media Player
> users are advised to remove the file libreal_plugin manually from the VLC
> plug-in installation directory.
>
> http://www.earthtimes.org/articles/s...ia-player.html
>
> Unfortunately, the latest version of VLC Media Player, the 0.9.8 has some
> severe faults, so an upgrade seems not to be the answer.
>
> http://forums.techarena.in/windows-software/1083470.htm
>
>
> I Bleed Blue and Gold
> GO BEARS!
>
>
>

Daniela 02-05-2009 09:13 PM

RE: VLC Media Player Security Vulnerability
 


"Cal Bear '66" wrote:
Quote:

>
> Bonn, Germany - A security hole has been discovered in the VLC Media Player, the
> German Federal Agency for Security in Information Technology (BSI) in Bonn
> reported. Attackers can exploit this vulnerability using rigged Real Media files
> (file ending with "rm") to install malicious software onto the user's computer.
> The victim has just to open the manipulated multimedia file.
>
> VLC Media Player versions prior to release 0.9.8 are affected, the BSI reports.
> The software maker has fixed the problem for Version 0.9.8, but to date has only
> made the source code available. All VLC Media Player users are advised to remove
> the file libreal_plugin manually from the VLC plug-in installation directory.
>
> http://www.earthtimes.org/articles/s...ia-player.html
>
> Unfortunately, the latest version of VLC Media Player, the 0.9.8 has some severe
> faults, so an upgrade seems not to be the answer.
>
> http://forums.techarena.in/windows-software/1083470.htm
>
>
> I Bleed Blue and Gold
> GO BEARS!
>
>
>
>

occam 02-06-2009 07:33 AM

Re: VLC Media Player Security Vulnerability
 
Daniela wrote:
Quote:

>
> "Cal Bear '66" wrote:
>
Quote:

>> Bonn, Germany - A security hole has been discovered in the VLC Media Player, the
>> German Federal Agency for Security in Information Technology (BSI) in Bonn
>> reported. Attackers can exploit this vulnerability using rigged Real Media files
>> (file ending with "rm") to install malicious software onto the user's computer.
>> The victim has just to open the manipulated multimedia file.
>>
>> VLC Media Player versions prior to release 0.9.8 are affected, the BSI reports.
>> The software maker has fixed the problem for Version 0.9.8, but to date has only
>> made the source code available. All VLC Media Player users are advised to remove
>> the file libreal_plugin manually from the VLC plug-in installation directory.
>>
>> http://www.earthtimes.org/articles/s...ia-player.html
>>
>> Unfortunately, the latest version of VLC Media Player, the 0.9.8 has some severe
>> faults, so an upgrade seems not to be the answer.
>>

Daniela

This is old news. There has been a 'patch' release of VLC version
0.9.8.a soon after. You can get it here:

http://www.filehippo.com/download_vlc/


All times are GMT. The time now is 02:46 AM.

Powered by vBulletin® Version 3.7.1
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Copyright 2005 - 2007 RealGeek.com. All rights reserved.