CVE-2012-1775

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

SecuriTeam™
Beyond Security®

SecuriTeam™ Home
Ask the Team
Mailing Lists
Advertising Info
Blogs

	SecuriTeam™ in Your Inbox

	E-mail this CVE-2012-1775 to a friend

New vulnerability?
New tool?
Tell us

Credit:
The information has been provided by Florent Hochwelker, aka TaPiOn.

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Check for CVE-2012-1775

Vulnerability Assessment and Management.
Automated Pen Testing for 50 to 50,000 nodes
beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* VLC media player all versions up to 2.0.1

The user should refrain from opening files from untrusted third parties or accessing untrusted remote sites (or disable the VLC browser plugins), until the patch is applied.
Alternatively, the MMS access plugin (libaccess_mms_plugin.*) can be removed manually from the VLC plugin installation directory. This will prevent opening of MMS:// streams.

Vendor Status:
VideoLAN had issued an update for this vulnerability

Patch Availability:
http://www.videolan.org/security/sa1201.html

CVE Information:
CVE-2012-1775

Disclosure Timeline:
12 March 2012
Vendor notification.
Private patch for VLC development version, 2.0 and 1.1 trees.
Initial security advisory.

15 March 2012
Official patch merged in VLC development version, 2.0 and 1.1 trees.
Jean-Baptiste Kempf,
on behalf of the VideoLAN project

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus