VideoLan v2.0.5 possible vulnerability - execution of code
Posted: 03 Mar 2013 23:33
by Gopher
I have just attempted to play an AVI file with version 2.0.5 by double clicking the AVI file itself. The file did not play, but what ever the code was that executed it deleted the Opera directory and attempted to change FireFox, after which it didn't function properly anymore. The change to the system (WinXP Pro 32 SP3) also caused login issues. Immediately after this the system was restored from a previous backup and the problem fixed. I have a copy of the suspect AVI. I would like to know how to report this to the Devs so they can take a look at it. How do I do that?
Re: VideoLan v2.0.5 possible vulnerability - execution of co
Posted: 04 Mar 2013 11:33
by TypX
First did you get your vlc from
http://videolan.org/ or from a third party site? If the latter it may be a scam.
Else open a trac ticket on
http://trac.videolan.org/vlc and upload the file on
http://streams.videolan.org/upload
Re: VideoLan v2.0.5 possible vulnerability - execution of co
Posted: 04 Mar 2013 12:58
by Gopher
Thankyou for the reply TypX. Yes, my VLC was downloaded direct from the VLC website. I will open a ticket. I wanted to check with the group first as some organizations don't like tickets opened before discussion.
Re: VideoLan v2.0.5 possible vulnerability - execution of co
Posted: 10 Mar 2013 01:50
by Jean-Baptiste Kempf
I wanted to check with the group first as some organizations don't like tickets opened before discussion.
This is a weird way...