Two high-risk vulnerabilities in the VLC media player could allow an adversary to craft a malicious .MKV video file that could be used in an attack to gain control of the victim’s PC. The flaws were made public Monday by the developer of the open-source VLC media player, VideoLAN project, who also made patches available to mitigate the issues.

In addition to the two high-risk bugs, five were rated medium, three low and others remain unrated. Eleven of the flaws were found by Antonio Morales, a researcher at the Semmle Security Team, which also posted a technical breakdown of the bugs.

Exploitation of any of the bugs would be straightforward, Morales wrote Threatpost in an email interview. “A hypothetical scenario: an attacker uploads the video file to a tracker Torrent using a filename of a trending TV series,” he wrote. “After this, a lot of users download the file via Torrent. The victims only need to open the video file to trigger the vulnerability. This scenario can be applied to all the vulnerabilities.”

High-Risk Bugs

Morales said the most troubling of the flaws is a buffer overflow bug (CVE-2019-14970) in the MKV demuxer – a component responsible for multiplexing digital and analog files. “This is an out-of-bounds (OOB) write (heap overflow) vulnerability that affects the. The researcher also singled out a similar bug (CVE-2019-14438), which allows an attacker to gain access to a PC using a booby-trapped. MKV is technically a video container format, similar to the.

“An attacker could execute code in VLC execution context. This means that an attacker could perform the same actions that the legitimate user can, but without the consent of the user and without user noticing it. In quite a number of cases, the attacker could take the control of the computer also,” Morales told Threatpost. “A user only needs to open the file to trigger the vulnerability (double-click is enough).”

Other Issues

Two additional security issues, with pending CVE IDs, were reported by Scott Bell from Pulse Security. Researcher Hyeon-Ju Lee is credited for identifying CVE-2019-13602. And Xinyu Liu is credited for finding CVE-2019-13962.

All bugs have been confirmed with VideoLAN project, Morales said.