Stuff like sophisticated government spyware is scary and all – but don’t forget, a single .wmv file can pwn you via VLC
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan
Credits: The Register
VideoLAN has issued an update to address a baker’s dozen of CVE-listed security vulnerabilities in its widely used VLC player software.
The VLC update includes patches to clear up flaws that range in impact from denial of service (read: application crashes) to remote code execution (i.e. malware installation). Users and admins can get fixes for all of the vulnerabilities by updating VLC to version 3.0.8 or later.
So far, no attacks exploiting these holes have been reported in the wild.
“While these issues in themselves are most likely to just crash the player, we can’t exclude that they could be combined to leak user information or remotely execute code,” VideoLAN offered in announcing the update. “ASLR and DEP help reduce the likeliness of code execution, but may be bypassed.”
Each of the 13 flaws would be exploited by opening a booby-trapped media file, such as vids in WMV, MP4, AVI, and OGG formats. In other cases, the flaws could be exploited via browser plugins by visiting a malicious webpage.
11 of the 13 vulnerabilities were uncovered and reported to VideoLAN by bug hunter Antonio Morales Maldonado of security firm Semmle. Of those 10 bugs, Maldonado reckons that five in particular – two use-after-free flaws and three out-of-bounds write bugs – are particularly dangerous as they would potentially allow for remote code execution if used successfully in the wild.
CVE-2019-14438 is particularly interesting as it targets .ogg files.
“This vulnerability could be triggered by inserting specially crafted headers which are not correctly counted by the xiph_CountHeaders function. As a result, the total number of bytes that could be written is larger than expected, overflowing previously allocated buffers,” Semmle notes in its disclosure.
“In this case, the vulnerability risk is also increased due to the large amount of bytes that can be overwritten, and the possibility that it can also be turned into an OOB read.”
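The bug class Semmle describes, a header-counting pass that disagrees with the later copy, is avoided when one validating pass accounts for every input byte and the copy re-checks the destination capacity. The sketch below is an added example, not VLC's or Semmle's code: the container layout, the names `count_headers` and `copy_headers`, the `MAX_HEADERS` cap and the sample inputs are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_HEADERS 8  /* assumed cap for this sketch */

/* Constructed inputs in a made-up layout (not VLC's format):
 * [count] then, per header, [len_hi][len_lo][payload]. */
const uint8_t GOOD[]     = {2, 0, 3, 'a', 'b', 'c', 0, 2, 'x', 'y'};
const uint8_t MISCOUNT[] = {1, 0, 3, 'a', 'b', 'c', 0, 2, 'x', 'y'};
const uint8_t OVERRUN[]  = {1, 0, 9, 'a'};

/* Pass 1: count headers and payload bytes. Returns the header count, or -1
 * unless the count byte accounts for every byte of the input. */
int count_headers(const uint8_t *in, size_t in_len, size_t *total)
{
    if (in_len < 1 || in[0] == 0 || in[0] > MAX_HEADERS)
        return -1;
    size_t pos = 1, sum = 0;
    for (int i = 0; i < in[0]; i++) {
        if (in_len - pos < 2) return -1;    /* length field truncated */
        size_t len = ((size_t)in[pos] << 8) | in[pos + 1];
        pos += 2;
        if (len > in_len - pos) return -1;  /* payload runs past the input */
        pos += len;
        sum += len;
    }
    if (pos != in_len) return -1;           /* bytes the count did not cover */
    *total = sum;
    return in[0];
}

/* Pass 2: copy payloads back to back into out. Returns bytes written or -1.
 * Capacity is checked against pass 1's total and again before each write. */
int copy_headers(const uint8_t *in, size_t in_len, uint8_t *out, size_t cap)
{
    size_t total, pos = 1, w = 0;
    int n = count_headers(in, in_len, &total);
    if (n < 0 || total > cap)
        return -1;
    for (int i = 0; i < n; i++) {
        size_t len = ((size_t)in[pos] << 8) | in[pos + 1];
        pos += 2;
        if (len > cap - w) return -1;       /* defence in depth */
        memcpy(out + w, in + pos, len);
        pos += len;
        w += len;
    }
    return (int)w;
}
```

`MISCOUNT` declares one header but carries two, and `OVERRUN` declares a length longer than the data present; both are rejected before any byte is copied.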
Two other remote code execution flaws were discovered by white-hats Hyeon-Ju Lee (who found CVE-2019-13602) and Xinyu Liu (CVE-2019-13962). Both of those would be triggered by launching a specially-crafted .MP4 file.
Maldonado’s other finds include three out-of-bounds read flaws (leading to information disclosure or an application crash) as well as two divide-by-zero and one null pointer dereference flaws that would crash the application.