Vulnerability Reported: a Patch for MPlayer
Multimedia software MPlayer notifies of security holes in the Real demuxer code that can result in arbitrary code execution.
The three vulnerability spots in MPlayer that Felipe Andres Manzano discovered in the code, and reported in an oCert advisory, all lead to the same possibility: an attacker can exploit a heap overflow to create a specific video file that can compromise the code. This video can have the stream_read function read or write arbitrary amounts of memory, resulting in unexpected code execution that could cause process termination. The affected MPlayer versions are 1.0 RC2 and earlier. The advisory references the required patch.
Tag Cloud
News
-
Heartbleed Bleeds On
According to a report, many potential victims of the Heartbleed attack have patched their systems, but few have cleaned up the crime scene to protect themselves from the effects of a previous intrusion.
-
Drone Brain Goes Open Source
DARPA and NICTA release the code for the ultra-secure microkernel system used in aerial drones.
-
Password Management Services Vulnerable to Attack
Should you trust an online service to store your online passwords?
-
New Raspberry Pi Adds Two USB Ports
New B+ board lets you build cool things without the complication of a powered USB hub.
-
Microsoft Grabs No-IP.com Domains
Redmond rushes in to root out alleged malware haven.
-
Firefox Steps into 3D
New initiative will bring futuristic virtual reality effects to the web surfing experience.
-
New Trojan Targets Online Banking
Dyreza malware launches a man-in-the-middle attack that compromises SSL.
-
HP Rolls Out Massive Cloud Network
New cloud combines worldwide access with local attention to data security.
-
New Attack Targets Wireless Logins
A first cousin of the recent Heartbleed attack affects EAP-based wireless and peer-to-peer authentication.
-
Geeks Petition for Free Lenovo BIOS
FOSS community acts to protect freedom of choice for laptop devices.