Two high-risk vulnerabilities in the VLC media player could allow an adversary to craft a malicious .MKV video file that could be used in an attack to gain control of the victim’s PC.

The flaws were made public Monday by the developer of the open-source VLC media player, VideoLAN project, who also made patches available to mitigate the issues. In addition to the two high-risk bugs, five were rated medium, three low and others remain unrated. Eleven of the flaws were found by Antonio Morales, a researcher at the Semmle Security Team, which also posted a technical breakdown of the bugs.

Exploitation of any of the bugs would be straightforward, Morales wrote Threatpost in an email interview.

“A hypothetical scenario: an attacker uploads the video file to a tracker Torrent using a filename of a trending TV series,” he wrote. “After this, a lot of users download the file via Torrent. The victims only need to open the video file to trigger the vulnerability. This scenario can be applied to all the vulnerabilities.”

High-Risk Bugs

Morales said the most troubling of the flaws is a buffer overflow bug (CVE-2019-14970) in the MKV demuxer – a component responsible for multiplexing digital and analog files. “This is an out-of-bounds (OOB) write (heap overflow) vulnerability that affects the.

The researcher also singled out a similar bug (CVE-2019-14438), which allows an attacker to gain access to a PC using a booby-trapped.