01-03-2007, 12:29 AM
[quote elmo3]The second one *is* Apple code.
"A format string vulnerability exists in the handling of the udp:// URL handler. By supplying a specially crafted string, a remote attacker could cause an arbitrary code execution condition, under the privileges of the user running VLC."
The Apple code dealing with the udp:// URL handler is such that a specially crafted string by a remote attacker could cause arbitrary code execution under the privileges of the user running VLC.
It's not VLC itself; it's Apple's code.
Did you miss this part?
Affected versions
This issue has been successfully exploited in VLC version 0.8.6 for Mac OS X. Previous versions and other platforms might be affected (thanks to David Maynor for confirming the issue in the Microsoft Windows version).
If it's Apple's code, why does the exploit also apply to Windows?
And if uninstalling VLC is a fix for this situation, how does that not make it a VLC issue?