Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More
Get access to immediate incident response assistance.
Get access to immediate incident response assistance.
Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More
Yesterday, Trustwave SpiderLabs has published an advisory for multiple vulnerabilities in the VLC Media Player web interface. The VLC Media Player is one of the most popular open-source media-player available. About a year ago, VLC reached over a billion downloads and now it's more popular than ever. It is not unusual for media-players to have vulnerabilities, such as buffer, heap and stackoverflows. However, Tanya Secker of Trustwave SpiderLabs discovered that features, such as the web interface could also have security risks too. Tanya discovered a lack of authentication and authorization in the web interface, which will be further addressed in a future VLC release. However, the recent versions currently mitigate against this potential security risk with being able to configure access control lists (ACLs) in the application preferences.
Additionally, Tanya discovered multiple XSS vulnerabilities in the web interface. These vulnerabilities were addressed in 2.0.7 (the latest version of VLC), which is now available at http://www.videolan.org/
Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.
Copyright © 2024 Trustwave Holdings, Inc. All rights reserved.