VLC Media Player Has a Critical Exploit Which Allows Your PC to be Hacked


by Aiman Maulana, June 27, 2019


If you are using VLC Media Player on your PC, this is an urgent matter that you need to take note of. It appears that a major exploit has been found in version 3.0.6 that can allow hackers to plant bugs in the computer system and essentially hack your PC.

It’s been mentioned that there are two high-risk security flaws that allow hackers to use a specially crafted video file to execute arbitrary code. Given the sheer number of users that VLC Media Player has, the potential for damage is very large.

Symeon Paraschoudis, a researcher from Pen Test Partners, identified the first high-severity vulnerability, “CVE-2019-12874”. It is an MKV double-free issue that resides in the zlib_decompress_extra() function (demux/mkv/utils.cpp) of VideoLAN VLC player. It can be triggered while parsing a malformed MKV file within the Matroska demuxer.

The second vulnerability was discovered by zhangyang from HackerOne. It is identified as “CVE-2019-5439” and is a buffer overflow vulnerability that resides in ReadFrame (demux/avi/avi.c). It allows a remote user to create specially crafted AVI or MKV files that, when loaded by the target user, will trigger a heap buffer overflow on the targeted system.

From what we know thus far, a malicious third party who gets a malformed file opened on the targeted system could trigger either a crash of VLC or arbitrary code execution with the privileges of the target user. Researchers said that a hacker could simply trick a potential victim into opening a seemingly harmless video in VLC to carry out the attack.

As such, you should be extra careful when opening video files from now on, especially if you don’t know where they’re from or what they really contain. VideoLAN has also released a newer, updated version, 3.0.7, which fixes the exploit, so it’s best to update as soon as possible.
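For anyone looking after more than one PC, here is an added example (not from the original article or from VideoLAN): a small Python check that flags VLC installs older than the fixed 3.0.7 release. It assumes that every release before 3.0.7 needs the update and that the version text looks like the first line printed by `vlc --version`; the host names and version strings are constructed sample data.

```python
import re

FIXED_VERSION = (3, 0, 7)  # release the article says fixes both CVEs

# Assumed banner shape: "VLC media player 3.0.6 Vetinari (revision ...)".
_BANNER = re.compile(r"VLC (?:media player|version)\s+(\d+(?:\.\d+){1,3})", re.I)
# Fallback for inventories that store only the bare version number.
_BARE = re.compile(r"^\s*(\d+(?:\.\d+){1,3})\b")


def parse_vlc_version(text):
    """Return the version as a tuple of ints, or None if none is found."""
    m = _BANNER.search(text) or _BARE.match(text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # pad "3.0" to (3, 0, 0)
    return tuple(parts)


def needs_update(text):
    """True or False for a parsed version, None when it is unknown."""
    version = parse_vlc_version(text)
    if version is None:
        return None
    # Tuple comparison is numeric, so 3.0.10 sorts after 3.0.7,
    # which a plain string comparison would get wrong.
    return version < FIXED_VERSION


def audit(inventory):
    """Map host -> 'UPDATE', 'ok' or 'unknown' from {host: version text}."""
    labels = {True: "UPDATE", False: "ok", None: "unknown"}
    return {host: labels[needs_update(text)] for host, text in inventory.items()}


# Constructed sample inventory (hypothetical hosts and strings).
SAMPLE = {
    "pc-01": "VLC media player 3.0.6 Vetinari (revision placeholder)",
    "pc-02": "VLC media player 3.0.7 Vetinari (revision placeholder)",
    "pc-03": "3.0.10",
    "pc-04": "2.2.8",
    "pc-05": "vlc: command not found",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as unknown should be checked by hand rather than treated as safe.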

Click right here to download the new update 3.0.7.

Source: Z6mag

Pokdepinion: Best to update that as soon as possible. Better safe than sorry after all.
