New critical vulnerability in VLC Media Player

View previous topic View next topic Go down

New critical vulnerability in VLC Media Player

Post by Ruhe on 31/1/2011, 20:29

...the project has reported a new vulnerability which can be exploited using specially crafted MKV (Matroska Video and WebM) films to inject malicious code onto a system and execute that code with the user's privileges...
Full article


You can run VLC in a sandbox like this one

Code:
[VLC]

ConfigLevel=7
Enabled=y
BoxNameTitle=y
BorderColor=#8000FF
AutoDelete=y
NeverDelete=n
NotifyInternetAccessDenied=y
DropAdminRights=y
ForceProcess=vlc.exe
NotifyStartRunAccessDenied=y
Template=BlockPorts
ClosedFilePath=InternetAccessDevices
ProcessGroup=<StartRunAccess>,vlc.exe
ClosedIpcPath=!<StartRunAccess>,*
avatar
Ruhe
Valued Member
Valued Member

Posts : 261
Join date : 2010-04-16
Location : Germany

View user profile

Back to top Go down

Re: New critical vulnerability in VLC Media Player

Post by Stephen2 on 1/2/2011, 15:01

Thanks Ruhe. I guess that's a reminder that a "virus" is not always an executable, it can come in many forms.

Good idea to sandbox off your media player, I didn't think of that, and can't see any reason not to!

I'll set it up now Wink

Stephen2
Member
Member

Posts : 34
Join date : 2010-10-18
Location : Melbourne, Australia

View user profile

Back to top Go down

Re: New critical vulnerability in VLC Media Player

Post by Ruhe on 1/2/2011, 15:05

I'm running VLC sandboxed for more than a year - because of all its security problems in the past.
avatar
Ruhe
Valued Member
Valued Member

Posts : 261
Join date : 2010-04-16
Location : Germany

View user profile

Back to top Go down

Re: New critical vulnerability in VLC Media Player

Post by Sponsored content


Sponsored content


Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum