VLC: a critical flaw with the .WAV files
If you're new here, you may want to subscribe to our RSS feed. Thanks for visiting!
Secunia discovered in VLC, free software for reading and audio / video, a loophole described as critical. An attacker could take it through the control of a remote computer. We must be wary with the .WAV files pending the patch.
VLC Media Player software is well known for his performance as a multi-player video. Integrating directly libraries FFMPEG project, the software did not need codecs to read the majority of videos available on the Web. Free Software and multiplateformes, VLC also supports many audio formats, DVD, (S) VCD, streaming via MMS or RTSP protocols … It enables video capture but does not stop at mere reading. VLC is indeed capable of ensuring the role of broadcast server, transcodant flow generated by multiple codecs output.
The company Secunia has just discovered a loophole described as “highly critical” (4 / 5) in the latest version of VLC under Windows. It is possible that earlier versions are also affected. The open function () module WAV VLC allows indeed an integer overflow. Specifically, if a user opens a file .WAV in VLC specially designed to exploit the loophole, arbitrary code could be executed and the attacker could take control of the remote computer.
Given that the patch is not yet available in the stable, Secunia recommends to be very careful with .WAV files executed with VLC and update as soon as possible software to version 0.8.6i, which will correct the flaw.