VLC의 원격 코드 실행 취약점이 패치되지 않은 채로 남아 있습니다.

ment 7/24 '19 posted 뉴스 IT

• 심각도 수준에도 불구하고 현재 이 취약점에 대해 사용할 수있는 패치가 없습니다.

• 구체적으로는 VLC 미디어 플레이어의 힙 기반 버퍼 오버 리드 취약점이 미디어 플레이어 modules / demux / mkv / demux의 mkv :: demux_sys_t :: FreeUnused ()에 존재합니다.

• 이 소프트웨어는 다양한 운영 체제 및 버전에 걸쳐 31 억 이상의 설치가 있기 때문에 이 결함의 잠재적인 영향은 중요합니다.

• 이 취약점은 Windows, Linux 및 UNIX 버전 3.0.7.1 및 이전 버전의 VLC 플레이어의 최신 릴리스에 영향을 줍니다.

• 독일의 컴퓨터 응급 대응팀 (CERT-Bund)은 이 결함을 힙 기반 메모리 버퍼 오버 리드 조건으로 분류하고 심각도 척도로 5 점 만점에 4 점을 부여했습니다.

• VLC 개발팀이 사용하는 버그 트래커에 따르면, VideoLAN는 이미 이 문제를 해결하기위한 보안 패치의 개발에 노력하고 있습니다.

• "익명의 원격 공격자는 VLC의 취약점을 악용하여 ESET에서 언급한 것처럼 임의 코드를 실행하거나 서비스 거부 상태를 일으키거나 정보를 추출하거나 파일을 조작 할 수 있습니다.

VLC Media Player Plagued By Unpatched Critical RCE Flaw [threatpost.com]

CERT-Bund warns of a critical vulnerability in VLC player [securityaffairs.co]

Remote code execution vulnerability in VLC remains unpatched [www.zdnet.com]

VLC player has a critical flaw - and there’s no patch yet [www.welivesecurity.com]

newest replies popular replies

Open Wiki - Feel free to edit it. -

7/24 '19 answered

A remote attacker can exploit the vulnerability in #VLCplayer to execute arbitrary code, cause a denial-of-service condition, exfiltrate information, or manipulate files. As of the time of writing, the patch is said to be 60% complete. @welivesecurity https://t.co/TMC7ppq5G9 pic.twitter.com/YRi5O54n9W
— ESET (@ESET) July 23, 2019

Critical RCE in #VLC media player. Vulnerability exists in the #Windows, #Linux and #UNIX versions of VLC 3.0.7.1. No patch available yet.https://t.co/Nz57OWHCVq
— John Opdenakker (@j_opdenakker) July 23, 2019

The VLC open-source media player has a critical-severity bug that could enable remote code execution and other malicious actions. Worse, there is no patch to patch the vulnerability.https://t.co/zikLsYzpwd #MobileSecurity #SaaS #Tech #Ransomware #Websecurity #CyberSecurity
— US Cybersecurity Mag. (@USCyberMag) July 23, 2019

VLC Media Player Plagued By Unpatched Critical RCE Flaw: https://t.co/KdVOywYbsF
— The Cyber Security Hub (@TheCyberSecHub) July 23, 2019

CERT-Bund warns of a critical vulnerability in VLC player https://t.co/9Ne0hn2mzu
— Nicolas Krassas (@Dinosn) July 23, 2019

Remote code execution vulnerability in VLC remains unpatched https://t.co/DUHTufhe0H #Cybersecurity #cybercrime #cyberattacks #hacker #hack #breach #phishing #dos #ransomware #malware #virus #apt #pii #nist #fcc #finra #hipaa #pci pic.twitter.com/THeVRoZulU
— Rich Tehrani (@rtehrani) July 23, 2019

Stop using VLC for a few days.

Remote code execution vulnerability in VLC remains unpatched https://t.co/W4dDM4mOEX via @SecurityCharlie
— Gregg Housh (@GreggHoush) July 23, 2019

Remote code execution vulnerability in VLC remains unpatched https://t.co/u4pllAbUaX by @SecurityCharlie
— ZDNet (@ZDNet) July 23, 2019

A remote attacker can exploit the vulnerability in #VLCplayer to execute arbitrary code, cause a denial-of-service condition, exfiltrate information, or manipulate files. As of the time of writing, the patch is said to be 60% complete. @welivesecurity https://t.co/TMC7ppq5G9 pic.twitter.com/YRi5O54n9W
— ESET (@ESET) July 23, 2019

VLC player has a critical flaw – and there’s no patch yet.
“A remote attacker can exploit the vuln in VLC to execute arbitrary code, cause a DoS condition, exfiltrate information, or manipulate files.”

via @welivesecurity https://t.co/Sll4eIzUN0 #CyberSecurity|#InfoSec pic.twitter.com/c4KTb4XgF9
— Wi-Fibre (@Wi_Fibre) July 23, 2019

VLC player has a critical flaw – and there’s no patch yet https://t.co/4TPmUoDCXi pic.twitter.com/BKHPK15zzF
— CSPF (@CyberSecurityPr) July 22, 2019

On the flip side, there are currently no known cases of the vulnerability being exploited in the wild The post VLC player has a critical flaw – and there’s no patch yet appeared first on WeLiveSecurity https://t.co/8lEQLuGJsb via @InfoSecHotSpot pic.twitter.com/bMtZ7C4tmW
— Sean Harris (@InfoSecHotSpot) July 22, 2019

permanent link

Open Wiki - Feel free to edit it. -

7/25 '19 answered

Threatpost | VLC Media Player Plagued By Unpatched Critical RCE Flaw https://t.co/ian1Abnihf
— Kimberly (@StopMalvertisin) July 23, 2019

Remote code execution #vulnerability in VLC remains unpatched #infosec https://t.co/BzBC6S3Jk6 pic.twitter.com/5l48Bk5696
— TEAM CYMRU (@teamcymru) July 24, 2019

permanent link

Featured

Important Notice: Discontinuation of Our Wiki Service

Dear Valued Users,

We hope this message finds you well. We are writing to inform you of an important upcoming change to our services. After careful consideration and analysis, we have made the difficult decision to discontinue our wiki site, effective one month from 2024/04/30.

This was not an easy decision to make, as we understand the importance of the resources and community that have been built around our wiki. However, due to evolving market conditions and strategic realignments, we must redirect our resources and efforts towards other ventures that will allow us to serve you better in the future.

What This Means for You:

Access to Content: You will continue to have full access to all content on the wiki until the discontinuation date. We encourage you to save or migrate any content you wish to retain.
Final Date of Service: The wiki will become inaccessible starting 1st June 2024, after which all content will be permanently removed.

We are immensely grateful for the support and contributions of our user community throughout the years. The wiki is being retired, but our team will be back soon with new services and apps.

Thank you for being a part of our journey.

Warm regards,

editoy Inc.

Related

Featured