“An attacker could execute code in VLC execution context. MKV is technically a video container format, similar to the. The researcher also singled out a similar bug (CVE-2019-14438), which allows an attacker to gain access to a PC using a booby-trapped. “This is an out-of-bounds (OOB) write (heap overflow) vulnerability that affects the. Morales said the most troubling of the flaws is a buffer overflow bug (CVE-2019-14970) in the MKV demuxer – a component responsible for multiplexing digital and analog files. This scenario can be applied to all the vulnerabilities.” High-Risk Bugs The victims only need to open the video file to trigger the vulnerability. “After this, a lot of users download the file via Torrent. “A hypothetical scenario: an attacker uploads the video file to a tracker Torrent using a filename of a trending TV series,” he wrote. Eleven of the flaws were found by Antonio Morales, a researcher at the Semmle Security Team, which also posted a technical breakdown of the bugs.Įxploitation of any of the bugs would be straightforward, Morales wrote Threatpost in an email interview. In addition to the two high-risk bugs, five were rated medium, three low and others remain unrated. The flaws were made public Monday by the developer of the open-source VLC media player, VideoLAN project, who also made patches available to mitigate the issues. ![]() ![]() MKV video file that could be used in an attack to gain control of the victim’s PC. Two high-risk vulnerabilities in the VLC media player could allow an adversary to craft a malicious.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |