Full Disclosure mailing list archives
Re: 0day Vulnerability in VLC (this is my first release of the vuln anywhere)
From: kaveh ghaemmaghami <kavehghaemmaghami () googlemail com>
Date: Mon, 22 Apr 2013 19:30:40 +0430
That was my mistake (publicly disclosure issues before notifying to the vendor ) hope you don't wanna experience my mistake you can also report to vul () secunia com for your discovery and coordination on your behalf Regards Kaveh On Mon, Apr 22, 2013 at 7:18 PM, Henri Salo <henri () nerv fi> wrote:
On Mon, Apr 22, 2013 at 07:31:07AM -0400, jay van wrote:if VLC media player is launched in QT mode and the user is on windows NT (any version of windows so far as tested) connected to the internet there is a vulnerability in the handling of unicast packets. The Proof ofconceptcode is in development and should be ready for publishing within thenext 2weeks. More in depth vulnerability information will be released with the proof of concept. This is a joint effort (the POC (proof of concept) code and vuln discovery) by 2 security firms. 4sData IT solutions and another firm that would like to remain nameless for the time being. This vulnerability exposes almost everyone using VLC media player (unless on linux systems and thats just because of the lack of testing so far may still be found to be exposed.). Thank you for your time and if interested please respond and let me know,. - Jay @ 4sData-IT-Solutions (www.4sdata.com - comingsoon)P.S. Launching 4sData this week to coincide with the VLC vuln.Please follow responsible disclosure and report issues first to the vendor and go public after waiting for a fix (or no reply). VLC usually replies to important issues very fast. Please contact me in case you need a hand in communication. --- Henri Salo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAlF1TbYACgkQXf6hBi6kbk/OewCfcW7p+d1HM1K1w8TAWYRsjxm0 26AAnjGT+Xa9ITojsYqkh+zfn0fSfDCi =QJMP -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- 0day Vulnerability in VLC (this is my first release of the vuln anywhere) jay van (Apr 22)
- Re: 0day Vulnerability in VLC (this is my first release of the vuln anywhere) Henri Salo (Apr 22)
- Re: 0day Vulnerability in VLC (this is my first release of the vuln anywhere) kaveh ghaemmaghami (Apr 22)
- Re: 0day Vulnerability in VLC (this is my first release of the vuln anywhere) Georgi Guninski (Apr 23)
- Re: 0day Vulnerability in VLC (this is my first release of the vuln anywhere) Henri Salo (Apr 23)
- Re: 0day Vulnerability in VLC (this is my first release of the vuln anywhere) Gregory Boddin (Apr 23)
- Re: 0day Vulnerability in VLC (this is my first release of the vuln anywhere) Georgi Guninski (Apr 23)
- Re: 0day Vulnerability in VLC (this is my first release of the vuln anywhere) Gregory Boddin (Apr 23)
- Re: 0day Vulnerability in VLC (this is my first release of the vuln anywhere) Benji (Apr 23)
- Re: 0day Vulnerability in VLC (this is my first release of the vuln anywhere) dawg (Apr 23)
- Re: 0day Vulnerability in VLC (this is my first release of the vuln anywhere) Georgi Guninski (Apr 23)
- Re: 0day Vulnerability in VLC (this is my first release of the vuln anywhere) Gregory Boddin (Apr 23)
- Re: 0day Vulnerability in VLC (this is my first release of the vuln anywhere) Georgi Guninski (Apr 24)
- Re: 0day Vulnerability in VLC (this is my first release of the vuln anywhere) Henri Salo (Apr 22)