VLC Media Player "smb://" URI Handler ".xspf" File Buffer Overflow Issue
14 September 2010
VLC is a cross-platform multimedia player and framework. VLC is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. Specifically, this issue occurs when parsing a specially crafted ".xspf" file with the "smb://" URI handler. VLC media player version 1.1.3 is affected.
Apart from being a way for dissidents and journalists to do their business without being spotted and identified by "the powers that be", the Dark Web is also a place where criminals sell and buy illegal wares and services and, apparently, where they also get robbed by scammers.
Brian Honan, CEO at BH Consulting, talks about a recent vulnerability disclosure trend – a trend that he believes may ultimately cause more harm than good: security vendors using vulnerability disclosure as a marketing tool with the goal of enhancing their company’s bottom line.
Attacks on the IoT can sound like the stuff of a movie thriller, but they are very real. The highly skilled and organized cybercriminals of today have the potential to tamper with a car’s firmware to kill its brakes.