Search

Videos On VLC Player Can Hack Your Computer


If you use VLC media player on your computer and haven't updated it recently, don't you even dare to play any untrusted, randomly downloaded video file on it.

Doing so could allow hackers to remotely take full control over your computer system.

That's because VLC media player software versions prior to 3.0.7 contain high risk, besides many other medium- and low-severity security flaws, that could potentially lead to arbitrary code execution attacks.


Discovered by Symeon Paraschoudis from Pen Test Partners and identified as CVE-2019-12874, the first high-severity vulnerability is a double-free issue which resides in "zlib_decompress_extra" function of VideoLAN VLC player and gets triggered when it parses a malformed MKV file type within the Matroska demuxer.

The second high-risk flaw, identified as CVE-2019-5439 and discovered by another researcher, is a read-buffer overflow issue that resides in "ReadFrame" function and can be triggered using a malformed AVI video file.


All the attacker needs to do is craft a malicious MKV or AVI video file and trick users into playing it using the vulnerable versions of VLC


According to an advisory released by VideoLAN, having ASLR and DEP protections enabled on the system could help users mitigate the threat, but developers did admit that these protections could be bypassed too.

Paraschoudis used honggfuzz fuzzing tool to discover this issue and four other bugs, which were also patched by the VideoLAN team earlier this month along with 28 other bugs reported by other security researchers through EU-FOSSA bug bounty program.

Users are highly recommended to update their media player software to VLC 3.0.7 or later versions and should avoid opening or playing video files from untrusted third parties.




If you want to learn more see this link for reference :

https://windowsreport.com/vlc-malware/

https://thehackernews.com/2019/06/vlc-media-player-hacking.html


An Ethical hacker should know the penalties of unauthorized hacking into a system. Read more at: Legality and Ethics


#vlc #VLCexperience #VLconcepts #vlcourt #vlce #vlcity #vlckova #vlcalaisturbo #vlcox #vlcdplan #vlcddiet #vlcd #VLCCHazratbal #vlcimak #VLCCAyurvedaFacialKit #vlcsport #vlcdiet #vlccinstitute #VLCCPersonalCare #vlciak #vlcbreda #vlcapsostenible #vlcbcn #vlcdfamily #vlcommodore #vlcchazratbalpresentation #vlc2 #vlcar #vlcmastertag #VLCMinistries #hacking #hackingmarathon #hackingmedicine #hackingeducation #hackingsimulator #hackinginstagram #hackingnews #hackingthehuman #hackingtool #hackingdata #hackingtaiwan #hackinggame #hackingthecolorwheel #hacking4humanity #hackingyoungsters #hackingfriday #hackingexposed #hackinglife #hackingshit #hackingchallenge #hackingtheplanet #hackingbegins #hackingworkshop #hackingout #hackingforgood #latviancoldblood #MonteKristo #estoniansporthorse #Hevera #afterthunder #dll

*********************************************************************************************************************


For more tricks and update over hacking stay tuned to our site: Note 4 Tech