Vulnerability Category: Local
Vulnerability Severity:
Vulnerability Information
VLC media player is a portable, free and open-source, cross-platform media player and streaming media server written by the VideoLAN project. An unauthenticated remote attacker can upload a specially crafted subtitles file to the online repository that, when loaded by VLC users, triggers arbitrary code execution.
Affected Version
VLC Media Player versions prior to 2.2.5.1
Detection Logic (Authenticated):
This QID checks for VLC Media Player versions less than 2.2.5.1.
Impact
Successful exploitation allows remote attackers to execute arbitrary code via a crafted subtitles file.
Solution
Customers are advised to download the latest version from the VLC Media Player Download Page.
Patch:
Following are links for downloading patches to fix the vulnerabilities: