“If successful, a malicious third party could trigger either a crash of VLC or an arbitratry code execution with the privileges of the target user,” VideoLAN explains. The good news is that no RCE attacks have been recorded so far, so it’s important to patch your devices as soon as possible. Don’t open files or streams from untrusted sources
But on the other hand, VideoLAN warns that a more complex attack could actually lead to an RCE attack and a potential leak of user information. In most of the cases, the whole thing would just cause the application to crash, which albeit isn’t something very convenient, is not really that dangerous. VideoLAN explains that a potential exploit can use a specifically crafted file which when launched with VLC Media Player can trigger a buffer overflow in the H26X packetizer. The update, which brings VLC to version 3.0.11 on Linux, Windows, and Mac, specifically targets the vulnerability documented in CVE-2020-13428 and which only affects the desktop client. VideoLAN has recently released a new version of VLC Media Player that comes to resolve a critical security vulnerability that could eventually allow for remote code execution.
0 kommentar(er)
