The VLC Media Player is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized buffer.

An attacker could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

VLC Media Player versions 1.0.0 through 1.1.8 are vulnerable.

REFERENCE: http://www.securityfocus.com/bid/47293

The Vulnerability Team adviced to users and administrators to review and apply the updates notifications
necessary to help mitigate the risks.

source: securityfocus.com 

0 comentarios: