VLC Media Player 3.0.11 Released: Severe Remote Code Execution Flaw Fixed

June 18, 2020

VLC Player update includes fixes for remote code execution flaws

Reportedly, the VideoLan has released a new version of its widely used media player named VLC Media Player 3.0.11 that is available for different platforms like Windows, Mac, and Linux as well. This new update includes various bug fixes and improvements, however it also has fixed security vulnerability that could lead hackers to execute commands or crash VLC on vulnerable computers.

The aforementioned vulnerability in VLC is tracked as CVE-2020-13428 and is also called as “buffer overflow in VLC’s H26X packetizer” which would allow hackers to execute various commands, and that’s too under same security level as the user do, but if those vulnerabilities are properly exploited.

According to what VideoLan’s reports, this mentioned vulnerability can be exploited by creating a specially developed file and enforcing a targeted user to click the file to open with VLC.

Further, the company has to say that the vulnerability will surely lead the player to crash, however it could also be used by attackers as mentioned to execute commands on remote basis. Here’s the statement of VideoLan:

“If successful, a malicious third party could trigger either a crash of VLC or an arbitratry code execution with the privileges of the target user.

While these issues in themselves are most likely to just crash the player, we can't exclude that they could be combined to leak user informations or remotely execute code. ASLR and DEP help reduce the likelyness of code execution, but may be bypassed.

We have not seen exploits performing code execution through these vulnerability”

Since the discussed vulnerabilities and its disclosure to public regarding problematic code, all users are suggested to download and install the latest version of VLC on their machine. Here mentioned the full change log for newer version:

Fixes HLS regressions
Fixes a potential crash on startup on macOS
Fixes imprecise seeking in m4a files
Fixes resampling on Android
Fixes a crash when listing bluray mountpoints on macOS
Avoid unnecessary permission warnings on macOS
Fixes permanent silence on macOS after pausing playback
Fixes AAC playback regression
And a security issue

More Stories

How Optimum Gives a Seamless Gaming Experience?

December 13, 2023

Windows 11 Update: Say Bye To These Features

June 25, 2021

Massachusetts MassNotify Android COVID App Forced By Google

June 21, 2021

You may have missed

How to Remove PUADImanager:Win32/InstallCore from PC

April 30, 2024

How to Remove PUABundler:Win32/PiriformBundler from PC

April 30, 2024

How to Remove PUABundler:win32/fusionCore from PC

April 30, 2024

How to Remove Program:Win32/Wacapew.C!ml from PC

April 30, 2024

Sukbwstore.com Review: Exposing Deception in the Shadows of E-commerce

April 30, 2024