Just a few days after the VLC developers fixed a vulnerability in the popular VLC video player, a new critical security vulnerability in the processing of .mkv files became public. By opening specially crafted .mkv files, the computer can be infected with a Trojan, for example. The files don’t need the .mkv extension necessarily as VLC tries to find the appropriate demultiplexing routines automatically.
A fix is already available in the source code repositories – but a new installation version which isn’t affected by the flaw is not yet ready. Until then, don’t open files from untrusted sources with VLC!
Dirk Knop
Technical Editor
Full story: Avira – TechBlog
Related Posts
- Critical Java Update and a new Windows Vulnerability
Multiple security vulnerabilities have been found within the current Java runtime environments, both for client computers and for servers. These allow attackers to infect computers for example with a ... - VLC 1.1.7 fixes critical .mkv vulnerability
The VLC developers are really fast! Only two days after a new security vulnerability in the .mkv processing routines became public, a fixed version of the player is available for download. VLC 1.1.7 h... - Highly Critical Vulnerability Headlines Light Patch Tuesday
Microsoft has released 3 updates to Office and the Forefront Unified Access Gateway (UAG) to address a total of 11 vulnerabilities. Just 1 of the 11 is rated critical, but it's a doozy.
MS10... - Critical Vulnerability in Firefox Browser
Yesterday we received reports about a critical vulnerability in Firefox browser that has been detected in the wild. According to the reports, this flaw can potentially allow an attacker to e... - ALERT: A critical vulnerability in Firefox versions 3.5 and 3.6 exists and is being actively exploited
Details here: http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/
View full post on Spyware Sucks... - New Adobe Flash Critical Vulnerability Exploited in the Wild
Adobe has issued a security advisory APSA10-03 describing a new critical vulnerability in its products. This time, the primary target is Flash Player with multiple platforms—Windows, Mac, Linux, Solar... - Critical Adobe Acrobat APSB10-17 Vulnerability Patch
Adobe Systems has sent out a critical Security Advisory for Adobe Reader and Acrobat. This advisory is related to the security vulnerability CVE-2010-2862. For more information, please refer to this S... - Microsoft ‘working’ on patch for critical Windows vulnerability
Microsoft is now working on a patch to prevent exploits of a newly discovered vulnerability that affects all versions of Windows.
View full post on Network World on Security... - iTunes Update Fixes Critical Vulnerability
A single critical vulnerability in the Windows version of iTunes 9.2 is fixed in the just-released version 9.2.1.
The vulnerability, reported to Apple by Clint Ruoho of Laconic Security, is ... - Firefox 4 gets its first security update
Yesterday, five weeks after shipping Firefox 4, the Mozilla project published the new browser's first-ever security update. The Firefox version number bumps up to 4.0.1.The update fixes 50-odd bugs in...
Posted on 02 February 2011. Tags: again, critical, Vulnerability
