By George Norman - Software News Editor
Added on 24 Sep 2009
I’ve made no secret out of the fact that I am absolutely bonkers about the VLC or Video LAN Client media player. I liked it a lot when it was in its early development phase, I liked it even more when it reached the RC (Release Candidate) milestone, and I definitely loved what I saw when the media player was launched as a final, stable product. Since then the software has been updated to version 1.0.1 (but we missed that one because we were focused on other things) and as of this week to version 1.0.2.

Finding out that VLC has been updated comes as pleasant news. Finding out what the update addresses is even better. It seems that VLC version 1.0.1 and all other versions down to 0.5.0 are plagued by a critical security vulnerability that, if exploited, could lead to arbitrary code execution.


Here is the official explanation provided by the Video LAN Project: “When parsing a MP4, ASF or AVI file with an overly deep box structure, a stack overflow might occur. It would overwrite the return address and thus redirect the execution flow. If successful, a malicious third party could trigger execution of arbitrary code within the context of the VLC media player. Exploitation of this issue requires the user to explicitly open a specially crafted file.”
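
One way to bound the recursion the advisory describes, as an added example (not VLC's code or its actual patch): a minimal MP4 box walker in C that refuses nesting beyond a fixed depth. The function names, the limit of 16 and the container list are assumptions, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MAX_BOX_DEPTH 16   /* assumed limit, not a value taken from VLC */

/* Subset of ISO base media container boxes whose payload is more boxes. */
static int is_container(const uint8_t *type) {
    static const char *names[] = { "moov", "trak", "mdia", "minf",
                                   "stbl", "udta", "edts", "dinf" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        if (memcmp(type, names[i], 4) == 0) return 1;
    return 0;
}

/* Walk the boxes in buf[0..len). Returns the deepest nesting level seen,
 * or -1 if a box is malformed or nesting would exceed `limit`. */
int box_depth(const uint8_t *buf, size_t len, int depth, int limit) {
    int deepest = depth;
    size_t off = 0;
    if (depth > limit) return -1;           /* stop before the stack grows further */
    while (off < len) {
        if (len - off < 8) return -1;       /* truncated box header */
        uint32_t size = (uint32_t)buf[off] << 24 | (uint32_t)buf[off + 1] << 16 |
                        (uint32_t)buf[off + 2] << 8 | buf[off + 3];
        /* Simplification: the size 0 (to end) and size 1 (64-bit) forms are rejected. */
        if (size < 8 || size > len - off) return -1;
        if (is_container(buf + off + 4)) {
            int d = box_depth(buf + off + 8, size - 8, depth + 1, limit);
            if (d < 0) return -1;
            if (d > deepest) deepest = d;
        }
        off += size;
    }
    return deepest;
}

/* Constructed sample: a free box, then moov > trak > mdia (three levels). */
static const uint8_t sample[] = {
    0, 0, 0, 8,  'f', 'r', 'e', 'e',
    0, 0, 0, 24, 'm', 'o', 'o', 'v',
    0, 0, 0, 16, 't', 'r', 'a', 'k',
    0, 0, 0, 8,  'm', 'd', 'i', 'a' };

int main(void) {
    printf("depth=%d\n", box_depth(sample, sizeof sample, 0, MAX_BOX_DEPTH));
    return 0;
}
```

Every child size is checked against the parent's remaining bytes before recursing, so a box cannot claim more data than its container holds.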

You are well advised to download and install version 1.0.2 onto your system. It is the only means of ensuring you and your system remain protected. If you do not upgrade, the only other workarounds are:

  • do not open files from untrusted sources.
  • do not access untrusted remote sites.
  • disable the VLC browser plug-in.
  • manually remove the MP4, AVI and ASF demuxer plug-ins from the VLC plug-in directory. These are: libmp4_plugin.*, libavi_plugin.*, libasf_plugin.*

If you would like to get VLC 1.0.2, you can download it straight from FindMySoft here (Windows only).
If you would like to get it straight from the official Video LAN Project webpage, just click here (all other supported operating systems).




