VLC Player Vulnerability Exploit | CVE-2019-5439

VideoLAN released version 3.0.7 including 33 fixes for security fixes including 2 high security issues. The most severe issue, CVE-2019-5439 can allow attackers to gain access to and control of the devices based on the user rights running VLC Player.

CVE-2019-5439, one of the high security issues, is a buffer overflow issue that can be further exploited up to a point where remote code execution exploit is possible. This could result into an attacker installing programs, view, change or delete data and even create new user accounts with full user rights. However, the amount of access an attacker could have is depended on the security context VLC Player is run in. Meaning a user with fewer rights will reduce the access a successful attacker can have performing an arbitrary code execution.

There is a critical remote code execution vulnerability in the LIVE555 media streaming library of VLC player. Via this way, hackers who are up to no good could use an exploitable code execution vulnerability that exists in the HTTP packet-parsing functionality. It is important to update all the VLC player software on your assets to version 3.0.7. Although VLC is a very popular free media player, and often used as an alternative to Windows Media Player and other media playing tools included in Windows over the years, it’s also had its fair share of security problems.

Find All Vulnerable VLC Player Installations
With the Lansweeper asset management software, you can scan your whole IT inventory and analyze it to see which devices run the old version of VLC. Via the Lansweeper software, you can update every machine that is infected. If you do have VLC Player in your environment, which is very likely. It is highly recommended to update VLC Player to version 3.0.7 or higher to prevent any chance of being exposed to this vulnerability. Our custom color-coded vulnerability report can tell you in no time which devices have a vulnerable VLC Player version and need to be patched.

If you haven't already, start your free Lansweeper trial and get a report of all affected devices in no time.

Lansweeper enables you to manages your entire IT network, saving an incredible amount of time by automating key tasks. It features best in class fully automatic asset scanning and network inventory software, to keep you on top of your IT-environment. Recommended by sysadmins all over the world, download your Lansweeper free trial today and start managing your IT assets the right way.

Useful Links

Let’s Connect