TITLE:
VLC Media Player Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA39558

VERIFY ADVISORY:
http://secunia.com/advisories/39558/

DESCRIPTION:
Some vulnerabilities have been reported in VLC Media Player, which can be exploited by malicious people to potentially compromise a user's system.

1) An error in the A/52 audio decoder can be exploited to cause a heap-based buffer overflow.

2) An error in the DTS audio decoder can be exploited to cause a heap-based buffer overflow.

3) An error in the MPEG audio decoder can be exploited to cause a heap-based buffer overflow.

4) An error in the AVI demuxer can be exploited to trigger an access to invalid memory.

5) An error in the ASF demuxer can be exploited to trigger an access to invalid memory.

6) An error in the Matroska demuxer can be exploited to trigger an access to invalid memory.

7) An error when processing XSPF playlists can be exploited to trigger an access to invalid memory.

8) An error in the ZIP implementation can be exploited to trigger an access to invalid memory.

9) An error in the RTMP implementation can be exploited to cause a heap-based buffer overflow.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code, but requires that the user is tricked into opening a specially crafted file.

The vulnerabilities are reported in versions prior to 1.0.6.

SOLUTION:
Update to version 1.0.6.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
VideoLAN-SA-1003:
http://www.videolan.org/security/sa1003.html