MA-283.072011 : MyCERT Alert – Multiple Critical Vulnerabilities in VideoLAN Client (VLC) Media Player
Date of publication: 2011-07-15
Multiple critical vulnerabilities (CVE-2011-2587 and CVE-2011-2588) have been identified in VideoLAN Client (VLC) Media Player version 1.1.10 and below. The vulnerabilities exist in the Real Media file parser and the AVI file parser of VLC.
An attacker who successfully exploits these vulnerabilities will be able to execute code remotely with the same privileges as the user. Unsuccessful attacks may result in a denial of service (DoS).
3.0 Affected Products
VLC media player 1.1.10 and earlier
- 4.1 Update to the latest version of VLC Media Player (1.1.11)
- 4.2 Users who are unable to perform the update are advised to refrain from opening files from untrusted third parties or accessing untrusted remote sites (or to disable the VLC browser plugins) until the patch is applied.
MyCERT advises users to stay alert to the latest security announcements from vendors and to ensure that their applications are kept up to date.
Users may also consider using a vulnerability management tool such as Secunia to ensure that all applications are updated:
MyCERT can be reached through the following channels for further assistance:
E-mail : firstname.lastname@example.org
Phone : 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT to 15888
Business Hours : Mon - Fri 08:30 - 17:30 MYT