Bonn, Germany - A security hole has been discovered in the VLC Media Player, the
German Federal Agency for Security in Information Technology (BSI) in Bonn
reported. Attackers can exploit this vulnerability using rigged Real Media files
(file ending with "rm") to install malicious software onto the user's computer.
The victim has just to open the manipulated multimedia file.
VLC Media Player versions prior to release 0.9.8 are affected, the BSI reports.
The software maker has fixed the problem for Version 0.9.8, but to date has only
made the source code available. All VLC Media Player users are advised to remove
the file libreal_plugin manually from the VLC plug-in installation directory.
Unfortunately, the latest version of VLC Media Player, the 0.9.8 has some severe
faults, so an upgrade seems not to be the answer.
I Bleed Blue and Gold