Forum Thread: VLC media player

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
bromberg VLC media player
Member 5th Jan, 2009 06:29
Ranking: 0
Posts: 20
User Since: 1st Dec, 2008
System Score: N/A
Location: N/A
Secunia is reporting that my VLC player is a threat. It was recommended to me by HP support to overcome a problem with Vista 64 bit not playing AVI files and I see that other forum members are having the same issue. How long does it take for Secunia to fix their software in response to false positives?
Thanks,
Dan

AlfredP RE: VLC media player
Member 6th Jan, 2009 20:59
Score: 0
Posts: 1
User Since: 30th Dec 2008
System Score: N/A
Location: N/A
Hey Dan,

Why don't you check the exact file name and path of the file that Secunia PSI is reporting about, then compare it's version with the advisory against it, then check to see if there's an updated VLC file available, and only when all this fails, come back here to complain.
Was this reply relevant?
+0
-0
Tarq57 RE: VLC media player
Member 6th Jan, 2009 22:39
Score: 16
Posts: 106
User Since: 20th Dec 2007
System Score: N/A
Location: NZ
Actually, I have read on another security forum within the last few weeks that there was indeed a vulnerability within the VLC player. Can't remember the source, then, but here are a few links that appear to confirm it.
http://www.ghacks.net/2008/03/19/vlc-player-vulner...
http://www.heise-online.co.uk/security/VLC-Media-P...
http://blogs.zdnet.com/security/?p=2140
Don't be too quick to point fingers when something appears wrong. Sometimes something really is wrong. Let Google be your friend.

--
Windows XP Home 32, SP3- patched as they are released, AMD 3500+, 2G RAM, avast 8.0, Autorun Eater, Secunia PSI.
Was this reply relevant?
+0
-0
bromberg RE: VLC media player
Member 7th Jan, 2009 08:14
Score: 0
Posts: 20
User Since: 1st Dec 2008
System Score: N/A
Location: N/A
Apologies if I came across as complaining since I am most appreciative of the Secunia service.

I did compare the path that Secunia is reporting on and it is consistent with where I installed the latest release [0.9.8a] of my VLC player.

What to do - just ignore this false positive message?

Dan
Was this reply relevant?
+0
-0
bromberg RE: VLC media player
Member 7th Jan, 2009 08:31
Score: 0
Posts: 20
User Since: 1st Dec 2008
System Score: N/A
Location: N/A
I am running VLC 0.9.8a and the links you provided are for older VLC releases where there was a vulnerability.

Thanks anyway.
Dan
Was this reply relevant?
+0
-0
Tarq57 vlc
Member 7th Jan, 2009 09:13
Score: 16
Posts: 106
User Since: 20th Dec 2007
System Score: N/A
Location: NZ
Last edited on 7th Jan, 2009 09:14
deleted


--
Windows XP Home 32, SP3- patched as they are released, AMD 3500+, 2G RAM, avast 8.0, Autorun Eater, Secunia PSI.
Was this reply relevant?
+0
-0
Tarq57 RE: VLC media player
Member 7th Jan, 2009 09:13
Score: 16
Posts: 106
User Since: 20th Dec 2007
System Score: N/A
Location: NZ
Try rescanning the application. Button is third from the left, at the bottom.

--
Windows XP Home 32, SP3- patched as they are released, AMD 3500+, 2G RAM, avast 8.0, Autorun Eater, Secunia PSI.
Was this reply relevant?
+0
-0
edbett RE: VLC media player
Member 15th Apr, 2009 19:07
Score: 0
Posts: 1
User Since: 20th Feb 2008
System Score: N/A
Location: N/A
The problem with PSI detecting the wrong version of VLC media player has not been fixed. After many frustrating attempts to fix a non-existent problem, I've finally learned just to re-scan the program, and it always shows as OK. Please, Secunia, your otherwise excellent program is making a simple mistake with VLC. Fix it..

Was this reply relevant?
+0
-0
SisterIrene RE: VLC media player
Member 8th Oct, 2009 15:48
Score: 0
Posts: 1
User Since: 9th Apr 2009
System Score: N/A
Location: N/A
My VLC media player 1.x is showing as a security threat. It continues to show after downloading the prescribed solution and rescanning. Any suggestions? Thank you!
Was this reply relevant?
+0
-0
This user no longer exists RE: VLC media player
Secunia Official 12th Oct, 2009 15:13
Hi

I tried to troubleshoot the issue some of you have with VLC 1.x

Using Windows Vista Business 32bit as a test system

1. Downloaded and installed VLC 1.0.0.0
2. The PSI's monitoring feature detected the insecure VLC.
3. Used the Solution link in the PSI and downloaded the VLC 1.0.2.0
4. Completed the installation process and rescanned with the PSI
5. The PSI removed VLC from "Insecure" and VLC could now be found in "Patched".

It looks like our detection rule for VLC is correct, but some of you might have trouble with the installation/updating process.

I often have better luck with a clean install rather than updating.
(Often mysterious things happen after multiple updates)


--
Kind regards,

Morten Hansen
Secunia PSI Support

Secunia PSI
http://secunia.com/vulnerability_scanning/personal
RossU RE: VLC media player
Member 12th Oct, 2009 20:00
Score: 0
Posts: 2
User Since: 22nd Sep 2009
System Score: N/A
Location: N/A
Hello,

I've downloaded version 1.0.2Goldeneye at least 2 times. The second time I deleted the 1.0.2 version I had on my laptop before loading the new one.
I ended and restarted PSI each time.

The 1.0.2 version of VLC keeps getting flagged by by in both a system scan and an individual program scan as version 1.0.1 ???

Any direction or thoughts would be appreciated.
Was this reply relevant?
+0
-0
This user no longer exists RE: VLC media player
Member 13th Oct, 2009 19:18
Hi Rossu
Some progs won't unistall complitely.
Download REVO Uninstaller (It's FREE)and execute the uninstall of the stuborn prog.
reboot to complete the uninstall and then install the program,then rescan with PSI to see what's left in the insecure progs.
Wish that help to resolve your problems.
Was this reply relevant?
+0
-0
RossU RE: VLC media player
Member 24th Oct, 2009 16:36
Score: 0
Posts: 2
User Since: 22nd Sep 2009
System Score: N/A
Location: N/A
Thanks for the info jeangeorges and forgive the very late reply.

However, I wanted to close this off as maybe someone else wold have made the same mistake as I did. I found the back level VLC as well as some other programs in my trash bin. They warnings were eliminated when I emptied the bin. I'm sure that I should have read that somewhere or just looked more closely at the path info on the programs.
Was this reply relevant?
+0
-0
Batnet RE: VLC media player
Member 22nd Nov, 2009 15:41
Score: 0
Posts: 2
User Since: 26th Jan 2009
System Score: N/A
Location: N/A
VLC Media Player has just started to show up as a problem on my system.
I followed the advice set out above and deleted the program with Revo, emptied the re-cycle bin and re-booted the system. Even with no VLC program present a re-scan of the system still shows the VLC Media Player as being in need of an update. I have since installed the latest version (1.0.3)and done another scan but it's still coming up as a problem. Any ideas on how to stop this program being reported as a problem? Thanks.
Was this reply relevant?
+0
-0
Maurice Joyce RE: VLC media player
Handling Contributor 22nd Nov, 2009 16:39
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
FINDING A VULNERABILITY FILE PATH
=================================

To locate the exact file that the Secunia PSI has detected, use or switch to the ADVANCED interface, then :

1 Click on the + sign of the programme to "expand' it.
2 Click on Technical Details in the Toolbox to see the installation path of the detected file. (Copy (CTRL+C) & paste (CTRL+V) the Installation Path of the file back to the Forum if U are unsure what to do next)).



--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+0
-0
Batnet RE: VLC media player
Member 22nd Nov, 2009 19:45
Score: 0
Posts: 2
User Since: 26th Jan 2009
System Score: N/A
Location: N/A
Thanks for the reply. The problem was being caused by an earlier version of the Player that was embeded within another program. I deleted that program and the problem is solved.

Thanks once again for your help.
Was this reply relevant?
+0
-0

This thread has been marked as locked.