Two major vulnerabilities spotted in VLC media player


According to security researcher Veysel Hatas, certain versions of VLC media player have two major vulnerabilities that can be exploited by attackers to corrupt process memory and execute arbitrary code.

Hatas reported the vulnerabilities to VideoLAN in December and published the advisories on Full Disclosure on Friday (much like Google's Project Zero does). As the advisory text describes, one of the bugs is a DEP access violation and the other is a write access violation.

Hatas said:

VLC Media Player contains a flaw that is triggered as user-supplied input is not properly sanitised when handling a specially crafted FLV or M2V file. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.

The flaws are present in version 2.1.5 of VLC media player and were tested on Windows XP SP3. The risk persists for the subset of users who have not yet moved to Windows 7 or 8. Neither flaw has been fixed by the VLC team yet; users can hope for an update soon.

Here's the entire disclosure:

Title : VLC Player 2.1.5 DEP Access Violation Vulnerability
Discoverer: Veysel HATAS (@muh4f1z)
Web page : www.binarysniper.net
Vendor :  VideoLAN VLC Project
Test: Windows XP SP3
Status: Not Fixed
Severity : High

CVE ID : CVE-2014-9597
OSVDB ID : 116450 <http://osvdb.org/show/osvdb/116450>
VLC Ticket : 13389 <https://trac.videolan.org/vlc/ticket/13389>

Discovered : 24 November 2014
Reported :   26 December 2014
Published :    9 January 2015

windbglog :
https://trac.videolan.org/vlc/attachment/ticket/13389/windbglog.txt
<https://trac.videolan.org/vlc/attachment/ticket/13390/windbglog.txt>

Description : VLC Media Player contains a flaw that is triggered as
user-supplied input is not properly sanitized when handling a specially crafted
FLV file <http://www.datafilehost.com/d/9565165f>. This may allow a
context-dependent attacker to corrupt memory and potentially execute
arbitrary code.

---------------------------------------------------------------------------------------------------------------------------------------------

Title : VLC Player 2.1.5 Write Access Violation Vulnerability
Discoverer: Veysel HATAS (@muh4f1z)
Web page : www.binarysniper.net
Vendor :  VideoLAN VLC Project
Test: Windows XP SP3
Status: Not Fixed
Severity : High

CVE ID : CVE-2014-9598
OSVDB ID : 116451 <http://osvdb.org/show/osvdb/116451>
VLC Ticket : 13390 <https://trac.videolan.org/vlc/ticket/13390>

Discovered : 24 November 2014
Reported :   26 December 2014
Published :    9 January 2015

windbglog :
https://trac.videolan.org/vlc/attachment/ticket/13390/windbglog.txt

Description : VLC Media Player contains a flaw that is triggered as
user-supplied input is not properly sanitized when handling a specially crafted
M2V file <http://www.datafilehost.com/d/11daf208>. This may allow a
context-dependent attacker to corrupt memory and potentially execute
arbitrary code.
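The advisories above say only that a crafted FLV or M2V file reaches VLC with input that is "not properly sanitized"; they do not identify the affected code. As an added example (not VLC code and not taken from the advisory), the following C routine shows the kind of check a demuxer needs for this class of bug: it walks the public FLV tag layout (9-byte file header, then a 4-byte PreviousTagSize0, then tags of an 11-byte tag header, DataSize data bytes and a 4-byte PreviousTagSize) and refuses any tag whose declared DataSize does not fit in the bytes actually present, instead of trusting the size field and reading or copying past the end of the buffer. The sample buffers are constructed for this example and are not the files referenced in the advisory.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Result codes: a non-negative return is the number of tags parsed. */
enum flv_result { FLV_OK = 0, FLV_BAD_HEADER = -1, FLV_TRUNCATED = -2, FLV_BAD_TAG = -3 };

static uint32_t be24(const uint8_t *p) { return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2]; }
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Bounds-checked walk over the tags of an FLV file held in buf[0..len).
 * Every size taken from the file is validated against the bytes remaining
 * before it is used as an offset, so the function never reads past buf+len. */
int flv_count_tags(const uint8_t *buf, size_t len)
{
    if (len < 9) return FLV_BAD_HEADER;
    if (memcmp(buf, "FLV", 3) != 0 || buf[3] != 1) return FLV_BAD_HEADER;

    uint32_t data_offset = be32(buf + 5);              /* where the tag stream starts */
    if (data_offset < 9 || data_offset > len) return FLV_BAD_HEADER;
    size_t pos = data_offset;

    if (len - pos < 4) return FLV_TRUNCATED;           /* PreviousTagSize0 must be present */
    if (be32(buf + pos) != 0) return FLV_BAD_TAG;      /* and must be zero */
    pos += 4;

    int count = 0;
    while (pos < len) {
        if (len - pos < 11) return FLV_TRUNCATED;      /* full 11-byte tag header needed */
        uint8_t tag_type = buf[pos] & 0x1f;            /* low 5 bits: 8 audio, 9 video, 18 script */
        uint32_t data_size = be24(buf + pos + 1);      /* attacker-controlled length field */
        if (tag_type != 8 && tag_type != 9 && tag_type != 18) return FLV_BAD_TAG;

        /* The declared payload plus the trailing 4-byte PreviousTagSize must fit
         * in what is left; this is the check a memory-safe demuxer cannot skip. */
        size_t remaining = len - pos - 11;
        if (data_size > remaining || remaining - data_size < 4) return FLV_TRUNCATED;

        size_t after = pos + 11 + data_size;
        if (be32(buf + after) != 11 + data_size) return FLV_BAD_TAG; /* trailer must match */
        pos = after + 4;
        count++;
    }
    return count;
}

/* Constructed sample: header, PreviousTagSize0, one 3-byte script-data tag, trailer of 14. */
static const uint8_t SAMPLE_GOOD[] = {
    'F','L','V', 0x01, 0x05, 0x00,0x00,0x00,0x09,
    0x00,0x00,0x00,0x00,
    0x12, 0x00,0x00,0x03, 0x00,0x00,0x00, 0x00, 0x00,0x00,0x00,
    0xAA,0xBB,0xCC,
    0x00,0x00,0x00,0x0E,
};

/* Constructed sample: identical, but DataSize claims 4096 bytes that are not present. */
static const uint8_t SAMPLE_OVERSIZED[] = {
    'F','L','V', 0x01, 0x05, 0x00,0x00,0x00,0x09,
    0x00,0x00,0x00,0x00,
    0x12, 0x00,0x10,0x00, 0x00,0x00,0x00, 0x00, 0x00,0x00,0x00,
    0xAA,0xBB,0xCC,
    0x00,0x00,0x00,0x0E,
};

/* Constructed sample: correct sizes but a PreviousTagSize trailer that does not match. */
static const uint8_t SAMPLE_BAD_TRAILER[] = {
    'F','L','V', 0x01, 0x05, 0x00,0x00,0x00,0x09,
    0x00,0x00,0x00,0x00,
    0x12, 0x00,0x00,0x03, 0x00,0x00,0x00, 0x00, 0x00,0x00,0x00,
    0xAA,0xBB,0xCC,
    0x00,0x00,0x00,0x0D,
};

int check_good(void)        { return flv_count_tags(SAMPLE_GOOD, sizeof SAMPLE_GOOD); }
int check_oversized(void)   { return flv_count_tags(SAMPLE_OVERSIZED, sizeof SAMPLE_OVERSIZED); }
int check_bad_trailer(void) { return flv_count_tags(SAMPLE_BAD_TRAILER, sizeof SAMPLE_BAD_TRAILER); }
int check_cut_short(void)   { return flv_count_tags(SAMPLE_GOOD, 20); } /* file ends mid-tag */

int main(void)
{
    printf("good: %d tag(s)\n", check_good());
    printf("oversized DataSize: %d (FLV_TRUNCATED = %d)\n", check_oversized(), FLV_TRUNCATED);
    printf("bad trailer: %d (FLV_BAD_TAG = %d)\n", check_bad_trailer(), FLV_BAD_TAG);
    printf("cut short: %d (FLV_TRUNCATED = %d)\n", check_cut_short(), FLV_TRUNCATED);
    return 0;
}
```

The point of the example is the `remaining` comparison: the 24-bit DataSize and the 32-bit DataOffset are both taken from the file, so a parser that adds them to a pointer before checking them against the real buffer length is exactly the kind of code that turns a crafted file into an out-of-bounds read or write.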
