![]() ![]() ASLR and DEP help reduce the likelyness of code execution, but may be bypassed. While these issues in themselves are most likely to just crash the player, we can't exclude that they could be combined to leak user informations or If successful, a malicious third party could trigger either a crash of VLC or an arbitratry code execution with the privileges of the target user. It is also possible to trigger read or write buffer overflows with some crafted files or by a MITM attack on the automatic updater Impact This is explained in more details on the reporter's article ![]() It is possible to trigger a remote code execution through a specifically crafted playlist, and tricking the user into interracting with that playlist elements. Summary : Multiple vulnerabilities fixed in VLC media playerĪffected versions : VLC media player 3.0.12 and earlierĪ remote user could create a specifically crafted file that could trigger some various issues. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |