
Media players in trouble: QuickTime, VLC, AOL are vulnerable
By Jerome Saiz, Mon, January 14th, 2008
Critical flaws have been exposed in the popular media players Apple QuickTime, VLC and AOL's Radio Player. All could potentially compromise the host PC. So far, only AOL has released a patch.
Italian bug hunter Luigi Auriemma exposed two critical vulnerabilities in two of the most popular media players, Apple's QuickTime and VideoLAN's free (and excellent!) VLC Media Player. Both could lead to arbitrary code execution on the PC when the user follows a malicious link.
Both vulnerabilities are related to RTSP, the protocol used on the Internet to stream content in real time. Each application is vulnerable in its latest version (QuickTime 7.3.1 and VLC 0.8.6d). No patch is available yet, and users are advised not to stream content from untrusted sites.
AOL got hit, too, through its AOL Radio tool. It was possible to execute arbitrary commands on the PC by exploiting a vulnerable component through an ActiveX control. This flaw has been patched, though.
More information:
- About the QuickTime flaw
- About the VLC flaw
- About the AOL Radio flaw
