09 Jul 2013
01 Aug 2013
VLC Media Player 2.x
This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
Kaveh Ghaemmaghami has discovered a vulnerability in VLC Media Player, which can be exploited by malicious people to potentially compromise a user's system.
The vulnerability is caused by an integer overflow error within the libmkv_plugin.dll module when parsing MKV files, which can be exploited to cause a heap-based buffer overflow via an MKV file with a specially crafted header.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is confirmed in version 2.0.7. Prior versions may also be affected.
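The bug class described above (a size taken from the file feeding wrapped integer arithmetic before a heap allocation), shown as an added example that is not VLC's code and not a reconstruction of the flaw in libmkv_plugin.dll. It decodes an EBML (Matroska) size field from a constructed header and contrasts an unchecked 32-bit size computation with a bounds-checked one; the function names and the `PAD` constant are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAD 8u /* hypothetical padding a parser adds to each buffer */

/* Decode an EBML variable-length size field (1 to 8 bytes).
 * Returns bytes consumed, or 0 on malformed or truncated input. */
size_t ebml_read_size(const uint8_t *p, size_t avail, uint64_t *out)
{
    if (avail == 0 || p[0] == 0) return 0;
    size_t len = 1;
    uint8_t mask = 0x80;
    while (!(p[0] & mask)) { mask >>= 1; len++; }
    if (len > avail) return 0;
    uint64_t v = p[0] & (uint8_t)(mask - 1); /* strip the length marker bit */
    for (size_t i = 1; i < len; i++) v = (v << 8) | p[i];
    *out = v;
    return len;
}

/* Unchecked: 32-bit arithmetic wraps, so a huge declared size
 * yields a tiny allocation that a later copy would overrun. */
uint32_t alloc_size_unchecked(uint64_t declared)
{
    return (uint32_t)declared + PAD;
}

/* Checked: the declared size must fit in the bytes left in the file
 * and must not wrap when padding is added. Returns 0 on success. */
int alloc_size_checked(uint64_t declared, size_t remaining, size_t *out)
{
    if (declared > remaining || declared > SIZE_MAX - PAD)
        return -1;
    *out = (size_t)declared + PAD;
    return 0;
}

int main(void)
{
    /* Constructed input: 5-byte size field declaring 0xFFFFFFFC bytes. */
    const uint8_t hdr[] = { 0x08, 0xFF, 0xFF, 0xFF, 0xFC };
    uint64_t declared = 0; size_t alloc = 0;
    size_t n = ebml_read_size(hdr, sizeof hdr, &declared);
    printf("consumed=%zu declared=%llu unchecked=%u checked_rc=%d\n",
           n, (unsigned long long)declared, alloc_size_unchecked(declared),
           alloc_size_checked(declared, 4096, &alloc));
    return 0;
}
```

Comparing the declared size against the bytes actually remaining in the input rejects the oversized value before any arithmetic is done on it.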
Update to version 2.0.8.
Kaveh Ghaemmaghami via Secunia.