Establishing Digital Trust: Don't Sacrifice Security for Convenience
VideoLAN recently published a security advisory warning of a buffer overflow vulnerability in versions 2.0.5 and earlier of VLC Media Player.
"If successful, a malicious third party could trigger an invalid memory access, leading to a crash of VLC media player's process," the developers explained in the advisory. "In some cases attackers might exploit this issue to execute arbitrary code within the context of the application but this information is not confirmed."
"The issue is a problem in the ASF demuxer (libasf_plugin.*), which can be tricked into overflowing a buffer with a specially crafted ASF movie," The H Security reports. "The developers note that users would have to open that specially crafted file to be vulnerable and advise users to not open files from untrusted third parties or untrusted sites."
"An alternative solution is to manually delete the vulnerable libasf_plugin.dll file from the VLC installation directory, VideoLAN said," writes InfoWorld's Lucian Constantin. "This will disable the software's ability to play ASF videos until a patched version of the file is reinstalled during a software update. A patch will be included in VLC 2.0.6, the next version of the media player, which is only available for testing purposes at the moment."