Forum Thread: VLC 1.1.5 not detected as vulnerable

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
VideoLAN
And, this specific program:
VLC media player 1.x

This thread has been marked as locked.
xerces8 VLC 1.1.5 not detected as vulnerable
Member 24th Jan, 2011 15:05
Ranking: 5
Posts: 27
User Since: 14th Sep, 2010
System Score: N/A
Location: SI
http://secunia.com/advisories/42773/
http://www.videolan.org/security/sa1007.html

According to above VLC 1.1.5 and earlier have a Highly critical vulnerability.
But scanning with PSI 1.5.0.2 gives no indication.

It shows it as v1.1.1.5.0 with note:
This installation of VLC media player 1.x was detected as being patched.


Shouldn't it be listed under Insecure?

Regards,
David

This user no longer exists RE: VLC 1.1.5 not detected as vulnerable
Secunia Official 24th Jan, 2011 15:58
Hi

VLC 1.1.5 is patched, since there is no patch for the vulnerability yet.

VLC does appear as "Insecure, no vendor solution" in the "Secure Browsing" menu.
(Must be manually enabled in the Secunia PSI Settings)

Did this answer your question?
xerces8 RE: VLC 1.1.5 not detected as vulnerable
Member 24th Jan, 2011 17:11
Score: 5
Posts: 27
User Since: 14th Sep 2010
System Score: N/A
Location: SI
No.

According to the listed URLs, v1.1.5 is bot patched, but vulnerably.
V 1.1.6 is patched (the latest release).

VLC appears in the Secure Browsing page since month, due to some other vulnerability.

The current vulnerability is about an exploit in Real videos, that is not related to browsing.
Was this reply relevant?
+0
-0
xerces8 RE: VLC 1.1.5 not detected as vulnerable
Member 27th Jan, 2011 19:20
Score: 5
Posts: 27
User Since: 14th Sep 2010
System Score: N/A
Location: SI
Today I run the test on another PC that has vlc 1.1.5 and now it is listed under "insecure"
Was this reply relevant?
+0
-0

This thread has been marked as locked.