![]() Morales said the most troubling of the flaws is a buffer overflow bug (CVE-2019-14970) in the MKV demuxer – a component responsible for multiplexing digital and analog files. “This is an out-of-bounds (OOB) write (heap overflow) vulnerability that affects the. ![]() ![]() The researcher also singled out a similar bug (CVE-2019-14438), which allows an attacker to gain access to a PC using a booby-trapped. MKV is technically a video container format, similar to the. “An attacker could execute code in VLC execution context. This means that an attacker could perform the same actions that the legitimate user can, but without the consent of the user and without user noticing it. “A user only needs to open the file to trigger the vulnerability (double-click is enough).” Other Issues In quite a number of cases, the attacker could take the control of the computer also,” Morales told Threatpost. Two additional security issues, with pending CVE IDs, were reported by Scott Bell from Pulse Security. Researcher Hyeon-Ju Lee is credited for identifying CVE-2019-13602. And Xinyu Liu is credited for finding CVE-2019-13962.Īll bugs have been confirmed with VideoLAN project, Morales said. That’s in contrast to last month, when a German security agency reported that a critical vulnerability existed in VLC that it claimed could enable remote code-execution and other malicious actions. It turned out the media player in that instance was not vulnerable. The new vulnerabilities impact VLC version 3.0.7.1. The current updated 3.0.8 version fixes those bugs. ![]() According to VideoLAN, the updates have not been pushed out to users however, users can manually update their client by directly downloading the most recent version. Click here to register.Download Bytefence Anti-Malware Removal Tool for Windows Download Removal Tool Interested in more on the internet of things (IoT)? Don’t miss our free Threatpost webinar, “IoT: Implementing Security in a 5G World.” Please join Threatpost senior editor Tara Seals and a panel of experts as they offer enterprises and other organizations insight about how to approach security for the next wave of IoT deployments, which will be enabled by the rollout of 5G networks worldwide. To remove Bytefence Anti-Malware from Windows completely, we recommend you to use WiperSoft AntiSpyware from WiperSoft.
0 Comments
Leave a Reply. |