Advisory

VLC Player warns of flaw allowing hackers to execute code

Take action: No idea if anyone still uses Microsoft Media Server streams, but since patching is trivial, don't delay it. Update your VLC and carry on.


Learn More

A vulnerability is reported in VLC Media Player, potentially allowing attackers to execute arbitrary code on users' computers. This vulnerability, tracked in Security Bulletin VLC 3.0.21, affects VLC versions 3.0.20 and earlier and arises from a heap-based overflow triggered by an integer overflow when processing a maliciously crafted MMS (Microsoft Media Server) stream.

Affected versions are VLC Media Player 3.0.20 and earlier. Exploiting this flaw could cause VLC to crash or allow an attacker to execute arbitrary code with the privileges of the target user. While the most likely outcome is a crash, there is the potential for combining this vulnerability with others to leak user information or achieve remote code execution.

The vulnerability requires the user to open a maliciously crafted MMS stream. This action can lead to a heap-based overflow, which may be exploited for code execution.
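The integer-overflow-to-heap-overflow chain the advisory describes, shown on a made-up length-prefixed chunk format (this is an added illustration of the bug class, not VLC's MMS parser or any code from the bulletin): the header's record count and record size are attacker-controlled stream bytes, the wrapping 32-bit size computation sits next to a hardened parser that widens the arithmetic and bounds the declared size by the bytes actually present, and the sample buffers `CRAFTED` and `VALID` are constructed for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical chunk layout (little-endian), invented for this example:
 *   uint32 count      number of records declared by the stream
 *   uint32 rec_size   bytes per record declared by the stream
 *   payload           count * rec_size bytes are expected to follow
 * Both header fields are untrusted: they arrive in the stream. */

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable pattern: the allocation size is computed in 32-bit
 * arithmetic, so a large count * rec_size wraps to a small number.
 * A parser that then allocates this many bytes and copies `count`
 * records of `rec_size` bytes each writes far past the heap block.
 * (Only the size computation is shown; the copy is not performed.) */
uint32_t unsafe_alloc_size(uint32_t count, uint32_t rec_size) {
    return count * rec_size;   /* silently wraps modulo 2^32 */
}

/* Hardened pattern: widen the multiplication so it cannot wrap, then
 * refuse any chunk whose declared size exceeds the bytes really present.
 * Returns 0 and hands back a freshly allocated copy on success, -1 if the
 * header is inconsistent with the buffer. */
int parse_chunk_safe(const uint8_t *buf, size_t len,
                     uint8_t **out, size_t *out_len) {
    if (len < 8)
        return -1;                                  /* header truncated */
    uint32_t count    = rd_le32(buf);
    uint32_t rec_size = rd_le32(buf + 4);
    uint64_t total = (uint64_t)count * rec_size;    /* 64-bit: no wrap */
    if (total > len - 8)
        return -1;                  /* declared payload larger than buffer */
    uint8_t *p = malloc(total ? (size_t)total : 1);
    if (!p)
        return -1;
    memcpy(p, buf + 8, (size_t)total);              /* bounded by the check */
    *out = p;
    *out_len = (size_t)total;
    return 0;
}

/* Constructed sample: count = 0x10000, rec_size = 0x10001, 8 payload bytes.
 * The true product is 0x100010000 (just over 4 GiB); in 32-bit arithmetic
 * it wraps to 0x10000 (65536). */
static const uint8_t CRAFTED[16] = {
    0x00, 0x00, 0x01, 0x00,   /* count    = 0x00010000 */
    0x01, 0x00, 0x01, 0x00,   /* rec_size = 0x00010001 */
    1, 2, 3, 4, 5, 6, 7, 8    /* only 8 payload bytes actually present */
};

/* Constructed sample: count = 2, rec_size = 3, payload "abcdef". */
static const uint8_t VALID[14] = {
    2, 0, 0, 0, 3, 0, 0, 0, 'a', 'b', 'c', 'd', 'e', 'f'
};

/* Returns 1 if the hardened parser rejects the crafted header. */
int demo_crafted_header_rejected(void) {
    uint8_t *out = NULL;
    size_t out_len = 0;
    int rc = parse_chunk_safe(CRAFTED, sizeof CRAFTED, &out, &out_len);
    free(out);
    return rc == -1;
}

/* Returns 1 if the hardened parser accepts a consistent chunk intact. */
int demo_valid_chunk_ok(void) {
    uint8_t *out = NULL;
    size_t out_len = 0;
    int rc = parse_chunk_safe(VALID, sizeof VALID, &out, &out_len);
    int ok = rc == 0 && out_len == 6 && memcmp(out, "abcdef", 6) == 0;
    free(out);
    return ok;
}

int main(void) {
    printf("32-bit size for crafted header: %u bytes (true size 0x100010000)\n",
           unsafe_alloc_size(0x10000u, 0x10001u));
    printf("crafted header rejected: %d\n", demo_crafted_header_rejected());
    printf("valid chunk parsed:      %d\n", demo_valid_chunk_ok());
    return 0;
}
```

The defensive point is the pair of checks in `parse_chunk_safe`: promote the size arithmetic to a type wide enough to hold the largest possible product (or use a checked multiply), and never trust a declared length until it has been compared with the number of bytes actually available.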

Users are strongly advised to avoid opening MMS streams from untrusted sources and to disable VLC browser plugins until they apply the latest patch.
