==================================================================== CERT-Renater Note d'Information No. 2012/VULN137 ____________________________________________________________________ DATE : 20/03/2012 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S) : Systems running VLC media player versions prior to 2.0.1. ====================================================================== http://www.videolan.org/security/sa1201.html http://www.videolan.org/security/sa1202.html ______________________________________________________________________ Security Advisory 1201 Summary : Stack overflow in VLC MMS support Date : March 2012 Affected versions : VLC media player all versions up to 2.0.1 ID : VideoLAN-SA-1201 CVE reference : CVE-2012-1775 Details Details will be known later. Impact If successful, a malicious third party could crash the VLC media player process. Arbitrary code execution should be possible on most systems. Threat mitigation Exploitation of this issue requires the user to explicitly open a specially crafted file. Workarounds The user should refrain from opening files from untrusted third parties or accessing untrusted remote sites (or disable the VLC browser plugins), until the patch is applied. Alternatively, the MMS access plugin (libaccess_mms_plugin.*) can be removed manually from the VLC plugin installation directory. This will prevent opening of MMS:// streams. Solution VLC media player 2.0.1 addresses this issue. Patches for older versions will be available through the git repositories Credits This vulnerability was reported by Florent Hochwelker, aka TaPiOn. References The VideoLAN project http://www.videolan.org/ History 12 March 2012 Vendor notification. Private patch for VLC development version, 2.0 and 1.1 trees. Initial security advisory. 15 March 2012 Official patch merged in VLC development version, 2.0 and 1.1 trees. Jean-Baptiste Kempf, on behalf of the VideoLAN project _______________________________________________________________________ Security Advisory 1202 Summary : Heap overflows in VLC Real RTSP support. Date : March 2012 Affected versions : VLC media player all versions up to 2.0.1 ID : VideoLAN-SA-1202 CVE reference : CVE-2012-1776 Details Details will be known later. Impact If successful, a malicious third party could crash the VLC media player process. Arbitrary code execution could be possible on some systems. Threat mitigation Exploitation of this issue requires the user to explicitly open a specially crafted file. Workarounds The user should refrain from opening files from untrusted third parties or accessing untrusted remote sites (or disable the VLC browser plugins), until the patch is applied. Alternatively, the realrtsp access plugin (libaccess_realrtsp_plugin.*) can be removed manually from the VLC plugin installation directory. This will prevent opening of Real rtsp streams. Solution VLC media player 2.0.1 addresses this issue. Patches for older versions will be available through the git repositories Credits This vulnerability was reported by Florent Hochwelker, aka TaPiOn. References The VideoLAN project http://www.videolan.org/ History 12 March 2012 Vendor notification. Private patch for VLC development version, 2.0 and 1.1 trees. Initial security advisory. 15 March 2012 Official patch merged in VLC development version, 2.0 and 1.1 trees. Jean-Baptiste Kempf, on behalf of the VideoLAN project ====================================================================== ========================================================= Serveur de référence du CERT-Renater https://services.renater.fr/ssi/ ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================