Notebookcheck Logo

PSA: Update your copy of VLC to avoid allowing hackers full control of your computer when opening video files

VLC is a popular open source and cross-platform media player with over 3 billion downloads since 2005.
VLC is a popular open source and cross-platform media player with over 3 billion downloads since 2005.
Popular video and media player VideoLan Client (VLC) has been found by security researchers to have two serious vulnerabilities, allowing malicious .avi and .mkv files to execute any code with full user privileges. Version 3.0.7 or newer addresses this vulnerability, so check to make sure your version is up-to-date.

VLC is an extremely popular (and useful) open source and cross-platform media player and framework created by the non-profit organization VideoLAN Project. It's known for its ability to play nearly any media files without additional codecs as well as incomplete or partially corrupted files, but security researchers at Pen Test Partners announced a major vulnerability which exploits both .avi and .mkv file formats.

The penetration and security researchers at Pen Test Partners found issues in both .avi and .mkv file decoders which could not only be used to trigger crashes (demonstrated in a proof of concept in their security announcement), but more seriously allow execution of code with the full privileges of the currently logged in user. Without updating to VLC 3.0.7 or newer, any malicious actor could upload doctored media files in either .avi or .mkv formats to popular file-sharing websites and achieve nearly unprecedented access to execute code on victims' computers.

If you haven't downloaded your copy of VLC within the past week or so, you'd best go here to download the latest version which addresses this vulnerability as soon as possible.

static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2019 06 > PSA: Update your copy of VLC to avoid allowing hackers full control of your computer when opening video files
Douglas Black, 2019-06-24 (Update: 2019-06-24)