// Small News // Critical Vulnerability in VLC Can Hack Your Computer Remotely!

in #blog6 years ago (edited)

A bug in an integrated library makes it possible to execute arbitrary code remotely, simply by sending a malformed Internet packet.

cqsc.jpeg
Source

Watch out for streaming in VLC. Cisco Talos security researchers have recently discovered a critical flaw in one of the libraries used by the popular media player, "LIVE555". This is used to manage connections that rely on the Real Time Streaming Protocol (RTSP).

A bug in this library allowed to cause a buffer overflow and, consequently, an arbitrary code execution. All that was required was to send a malformed package to the targeted computer. A scenario that allows remote hacking of a machine.

The fault has been blocked by the maintainer of this library, Live Networks, since October 17. That's why Cisco Talos has released the technical details of this bug. However, it is not certain that the fix has been reflected in VLC. The last VLC update is August 31, 2018 (3.0.4).

This is a video that I have just found on Youtube (put the sub-subtitles on):

Caution is therefore required until confirmation. This library is also integrated into MPlayer, another multimedia player.

DQmdpsoEfLe5nRg4Q1oKWHNjLdMnAucCYfRou1yF5Yiwrzs.png

DQmNuF3L71zzxAyJB7Lk37yBqjBRo2uafTAudFDLzsoRV5L.gif

Coin Marketplace

STEEM 0.17
TRX 0.15
JST 0.027
BTC 60654.57
ETH 2343.25
USDT 1.00
SBD 2.48