Added: 06/27/2011
CVE: CVE-2011-0531
BID: 46060
OSVDB: 70698
VLC media player is a media player supporting various audio and video formats for multiple platforms.
VideoLan VLC 1.1.6.1 and earlier are vulnerable to a remote code execution vulnerability as a result of insufficient input validation. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted **MKV**
(**Matroska**
or **WebM**
) file.
Upgrade to VLC media player 1.1.7 or higher. Patches for some older versions are also available.
<http://www.videolan.org/security/sa1102.html>
Exploit works on VideoLAN VLC 1.1.0.
The user must open the exploit file on the target with a vulnerable version of VLC.
Windows