BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

VLC Media Player MKV Demuxer Vulnerability

Disclosed January 30, 2011    Fully Patched

Vulnerability Description:

VLC Media Player contains a vulnerability in the MKV demuxer when handling maliciously crafted MKV files. An attacker may send a target a specially crafted MKV file, which causes an input validation error within the demuxer. Successful exploitation could allow execution of arbitrary code.

Vendors:

VideoLAN

Vulnerable Software/Devices:

VLC Media Player 1.x

Vulnerability Severity:

High

Exploit Availability:

N/A

BeyondTrust Prevention and Detection:

Mitigation:

Do not open '.mkv' files, or manually remove the MKV demuxer plugin (libmkv_plugin.*) from the plugin installation directory.

Links:

CVE(s):

None

Leave a Reply