VLC Media Player contains a vulnerability in the MKV demuxer when handling maliciously crafted MKV files. An attacker may send a target a specially crafted MKV file, which causes an input validation error within the demuxer. Successful exploitation could allow execution of arbitrary code.
VLC Media Player 1.x
BeyondTrust Prevention and Detection:
- BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.
Do not open '.mkv' files, or manually remove the MKV demuxer plugin (libmkv_plugin.*) from the plugin installation directory.