On Mon, Apr 22, 2013 at 07:31:07AM -0400, jay van wrote: > if VLC media player is launched in QT mode and the user is on windows NT > (any version of windows so far as tested) connected to the internet there > is a vulnerability in the handling of unicast packets. The Proof of concept > code is in development and should be ready for publishing within the next 2 > weeks. More in depth vulnerability information will be released with the > proof of concept. This is a joint effort (the POC (proof of concept) code > and vuln discovery) by 2 security firms. 4sData IT solutions and another > firm that would like to remain nameless for the time being. This > vulnerability exposes almost everyone using VLC media player (unless on > linux systems and thats just because of the lack of testing so far may > still be found to be exposed.). Thank you for your time and if interested > please respond and let me know,. > > - Jay @ 4sData-IT-Solutions (www.4sdata.com - coming soon) > > P.S. Launching 4sData this week to coincide with the VLC vuln. Please follow responsible disclosure and report issues first to the vendor and go public after waiting for a fix (or no reply). VLC usually replies to important issues very fast. Please contact me in case you need a hand in communication. --- Henri Salo
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/