in

VLC Media Player: CERT classifies vulnerability as critical (Update)

VLC Media Player: CERT stuft Sicherheitslücke als kritisch ein

VLC Media Player: CERT classifies vulnerability as critical
Picture: BSI

The Federal Office for Information Security (BSI) and the Computer Emergency Response Team (CERT) warn against a critical vulnerability in the VLC Media Player and grade it with the risk assessment “High” (Level 4). The federal agency recommends users to look for an alternative media player.

Current version with high risk potential for remote attacks

The BSI prepares and publishes preventive action recommendations for avoiding damage and now warns of a critical vulnerability in the current version 3.0.7.1 of the popular open source media player. According to the federal agency, there is a high risk potential for remote attacks in which anonymous attackers can execute arbitrary code on the compromised system. The vulnerability affects systems running Microsoft Windows, Unix, and Linux distributions.

A remote, anonymous attacker can exploit a vulnerability in VLC to execute arbitrary code, create a denial of service state, disclose information, or manipulate files.

BSI

The US government is also warning of the threat in the National Vulnerability Database (NVD), its vulnerability catalog. The report also shows that the complexity of an attack is comparatively low and that a potential attacker does not need special access rights. She also classifies the vulnerability with a rating of 9.8 as critical.

No security update announced

So far, VideoLAN, the nonprofit organization behind VLC Media Player, has not announced a security update yet. Since the version number 3.0.6 (and older) was already vulnerable to malicious code, the authority recommends users to switch to another media player for the time being. However, nothing is known yet about an active attack on VLC 3.0.7.1.

Update 21.07.2019 10:06 clock

Leave a Reply

Your email address will not be published. Required fields are marked *

New iPod touch 4 will Have a MacBook Pro Like Back? ❤ liked on Polyvore featur…

Interior Photography: best camera settings for shooting indoors