01-03-2007, 12:00 AM
The second one *is* Apple code.
"A format string vulnerability exists in the handling of the udp:// URL handler. By supplying a specially crafted string, a remote attacker could cause an arbitrary code execution condition, under the privileges of the user running VLC."
The Apple code dealing with the udp:// URL handler is such that a specially crafted string by a remote attacker could cause arbitrary code execution under the privileges of the user running VLC.
It's not VLC itself; it's Apple's code.
"A format string vulnerability exists in the handling of the udp:// URL handler. By supplying a specially crafted string, a remote attacker could cause an arbitrary code execution condition, under the privileges of the user running VLC."
The Apple code dealing with the udp:// URL handler is such that a specially crafted string by a remote attacker could cause arbitrary code execution under the privileges of the user running VLC.
It's not VLC itself; it's Apple's code.