A malicious actor could do it for fun, no? Or maybe they found a new way to steal your information. But, whatever their intention is, a flaw in the VLC app could let them do exactly that! That’s why the folks at VideoLAN recommend that you update to VLC 3.0.11 for Windows 10, which patches the vulnerability.

VLC media player patches crash vulnerability

Tommy Muir alerted VideoLAN to the CVE-2020-13428 flaw that affects the VLC media player. In a typical CVE-2020-13428 exploit, an attacker remotely delivers a specially crafted script that causes a buffer overflow affecting the VLC H26X packetizer. They could send you the malware disguised as a genuine media file. They could also deliver it in the form of a media stream.

Once you open the specially crafted file, the malware starts executing. After that, the bad actor may be able to crash your media player in a denial of service attack. Alternatively, they could gain your user privileges and execute arbitrary scripts.

The VLC media player takes advantage of address space layout randomization (ASLR), a memory protection technique that minimizes the risk of buffer-overflow attacks. Apart from that, it also leverages data execution prevention (DEP) to guard against the effects of malware and viruses. But VideoLAN warns that an attacker may still breach ASLR and DEP and succeed in their CVE-2020-13428 attack.

Most probably, the company received a proof of concept from Muir, rather than evidence of an ongoing exploit in the wild. So, you should be safe for now, although updating to the latest version of the VLC media player should be a priority.

Do you use the VLC media player for Windows 10, and are you experiencing any crash issues? Kindly let us know or ask any questions via the comments section below.
