The flaw enables remote code execution (RCE), unauthorised modification and disclosure of data/files and disruption of service. It is rated at 9.8 in NIST's National Vulnerability Database, making it a 'critical' vulnerability. The newly discovered flaw, indexed as CVE-2019-13615, exists in VLC Media Player version 3.0.7.1 - the newest release of the application, according to CERT-Bund. In addition, a fix has yet to be released. ![]() However, exploits will almost certainly emerge in the coming days considering that the vulnerability is now in public domain. Computing has published an update to this story after VideoLAN, the organisation behind VLC Media Player, claimed that the security flaw had been fixed 16 months ago, and that CERT-Bund and MITRE had acted before testing the vulnerability first.Īnother critical vulnerability in VLC Media Player, which could enable hackers to access and modify data on devices, has been identified by German cyber-security agency CERT-Bund.ĬERT-Bund has not yet observed the vulnerability being exploited in the wild by attackers.
0 Comments
Leave a Reply. |