  SpannerITWks Premium join:2005-04-22
| VLC Media Player Vulnerability
VLC Media Player udp:// Format String Vulnerability
A format string vulnerability exists in the handling of the udp:// URL handler. By supplying a specially crafted string, a remote attacker could cause an arbitrary code execution condition, under the privileges of the user running VLC.
etc -
hxxp://projects.info-pull.com/moab/MOAB-02-01-2007.html
Spanner -- I Only Know What I Know, But I'm Learning all The Time - Stay Safe - Spanner intheWorks /SpannerITWks |
|
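The bug class named in the advisory text above, as an added example that is not part of the original post and is not VLC's code: a printf-style logger receives URL text as its format string, shown next to the corrected call. The function names, the log buffer and the sample URL are assumptions made up for the illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a player's message log (not VLC code). */
static char last_msg[256];

/* printf-style logger: the first argument is always parsed as a format. */
static void log_msg(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_msg, sizeof last_msg, fmt, ap);
    va_end(ap);
}

/* Bug class: URL text becomes the format string, so any conversion
 * specifier in it makes vsnprintf consume arguments never passed. */
const char *open_udp_vulnerable(const char *url)
{
    log_msg(url);
    return last_msg;
}

/* Fix: constant format string, the URL is only ever data. */
const char *open_udp_fixed(const char *url)
{
    log_msg("%s", url);
    return last_msg;
}

/* Pre-check for filters or tests: 1 if printf would interpret anything
 * in s. "%%" is a literal percent sign and is skipped. */
int has_conversion_spec(const char *s)
{
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] != '%')
            return 1;
        s++;                      /* skip the second '%' of "%%" */
    }
    return 0;
}

int main(void)
{
    const char *url = "udp://@239.0.0.1:1234/%x";  /* constructed sample */
    printf("flagged: %d\n", has_conversion_spec(url));
    printf("logged:  %s\n", open_udp_fixed(url));
    return 0;
}
```

Building with `-Wformat -Wformat-security` and marking the logger with `__attribute__((format(printf, 1, 2)))` makes GCC and Clang warn on the call in `open_udp_vulnerable`.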
  AB Premium join:2006-04-04 Leesburg, VA
| Yeah, Quicktime 7.1.3, too. The big kick-off to the highly anticipated "Month of Apple Bugs" festivities. Welcome aboard, Mac mateys!
The exploit in QT has to do with RTSP (Real Time Streaming Protocol handler), and the suggested work-around is simply to disable it in QT's preferences. It affects QT Alternative, also.
What's in store for tomorrow, I wonder? It's like an old Saturday matinee cliffhanger-- stay tuned! |
|
  Dude111 An Awesome Dude Premium join:2003-08-04 USA | reply to SpannerITWks Anyone have a Proof of Concept Test File for this? (Like to test mine and see) |
|
  La Luna Surviving Ashraful Premium join:2001-07-12 Warwick, NY
| reply to SpannerITWks There is a patch for OS X and Quicktime already.
Update
The developers of VLC meanwhile have included a patch in their CVS. Landon Fuller, maintainer of macports, provides a patch in source and binary form. In addition he also provides an unofficial patch for the Quicktime hole, published yesterday. But you'll need to install the free Application Enhancer to use those binary patches.
»www.heise-security.co.uk/news/83123 -- ~~Well, I think you're crazy, I think you're crazy, I think you're crazy, just like me...~~
|
|
  La Luna Surviving Ashraful Premium join:2001-07-12 Warwick, NY
| reply to Dude111
said by Dude111: Anyone have a Proof of Concept Test File for this? (Like to test mine and see)
»projects.info-pull.com/moab/MOAB···007.html -- ~~Well, I think you're crazy, I think you're crazy, I think you're crazy, just like me...~~
|
|
  Khaine
join:2003-03-03 Australia | reply to SpannerITWks This only occurs if VLC is the default player for the stream, or you elect for VLC to open the stream, correct? |
|
  Dude111 An Awesome Dude Premium join:2003-08-04 USA
| reply to La Luna quote: »projects.info-pull.com/moab/MOAB···007.html
I meant like a link to an actual stream like this test stream I posted for the WMP test in this thread. |
|
  ZZZZZZZ Premium join:2001-05-27 PARADISE | reply to Khaine This is only for "UDP/RTP"........wth uses that anyway!
»secunia.com/advisories/23592/ -- BRING OUR TROOPS HOME,NOW!!!!! |
|
  AB Premium join:2006-04-04 Leesburg, VA
| said by ZZZZZZZ: This is only for "UDP/RTP"........wth uses that anyway!
Me, for one. Not often, but I have used it. Not in VLC, though. |
|
  antiserious The Future ain't what it used to be Premium join:2001-12-12 Scranton, PA | reply to SpannerITWks More info at their site, and a patch is already available.
»www.videolan.org/sa0701.html
-- "The future ain't what it used to be." - Yogi Berra
|
|