Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Critical flaw hits latest VLC media player software


31 Jan 2013   #1

Windows 7 Ultimate x64, XP Mode, W8.1 Preview VM - 7 Pro x64 second remote tower
 
 
Critical flaw hits latest VLC media player software

This isn't good! I run VLC as the WMP alternative on 7 and have on the 8 beta builds as well since that lacked dvd playback and video support. VLC is the backup player for vcd projects mostly here.

Quote:
Critical flaw hits latest VLC media player software

Vulnerability can be exploited remotely by tricking users into opening malicious ASF files

By Lucian Constantin
January 31, 2013 03:52 AM ET

IDG News Service - Versions 2.0.5 and earlier of the popular VLC media player software contain a critical vulnerability that can be potentially exploited by attackers to execute malicious code on computers.

The vulnerability is located in the VLC component responsible for playing ASF (Advanced Streaming Format) video files, VideoLAN, the non-profit organization that develops the media player, said in a security advisory published on its website.

Vulnerability research and management firm Secunia rated the flaw as highly critical and said its successful exploitation could allow the execution of arbitrary code. The flaw can be exploited by tricking a user into opening a specially crafted ASF file.

Vulnerability research and management firm Secunia rated the flaw as highly critical and said its successful exploitation could allow the execution of arbitrary code. The flaw can be exploited by tricking a user into opening a specially crafted ASF file.

VideoLAN advises users to refrain from opening files from untrusted locations and to disable the VLC browser plug-ins until the issue is patched. By default, VLC installs plug-ins for Mozilla Firefox, Internet Explorer, Google Chrome, Apple Safari, Opera and Konqueror. The plug-ins allow the playback of video files embedded into Web pages.

An alternative solution is to manually delete the vulnerable libasf_plugin.dll file from the VLC installation directory, VideoLAN said. This will disable the software's ability to play ASF videos until a patched version of the file is reinstalled during a software update.

A patch will be included in VLC 2.0.6, the next version of the media player, which is only available for testing purposes at the moment.

Users of Firefox, Chrome and Opera can use the 'click-to-play' functionality in those browsers to prevent the automated playback of plug-in-based content -- a method that can block silent Web-based attacks targeting vulnerabilities in popular browser plug-ins like Java, Adobe Reader or Flash Player. Mozilla announced this week that it plans to turn on click-to-play by default for all plug-ins in future versions of Firefox, except for the latest version of the Flash Player plug-in.

VLC media player is free to use and is available for Windows, Mac OS X, Linux and other UNIX-like operating systems including Solaris, FreeBSD, NetBSD, OpenBSD, as well as Android and iOS.
source

My System SpecsSystem Spec
.

01 Feb 2013   #2

Windows 7 Home Premium x64
 
 

Quote:
An alternative solution is to manually delete the vulnerable libasf_plugin.dll file from the VLC installation directory.
The file is located in the subdirectory vlc\plugins\demux.
My System SpecsSystem Spec
01 Feb 2013   #3

Windows 7 Ultimate x64, XP Mode, W8.1 Preview VM - 7 Pro x64 second remote tower
 
 

On the 64bit 7 here you would look in the "C:\Program Files(x86)\VideoLAN\VLC\Plugins\" folder and immediately find the libasf_plugin.dll file just sitting there waiting to be removed. There are no files in the Plugins folder not seeing "li" s the first two letters in the file names.
My System SpecsSystem Spec
.


Reply

 Critical flaw hits latest VLC media player software




Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 12:37 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33