Security Affairs
Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|GodDamn Ransomware Uses PoisonX to Blind Security Software|AssuranceAmerica Breach Exposes 7 Million Driver’s Licenses After Employee Account Hack|Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)|Fake VPN and 7-Zip Apps Turn Victims Into Residential Proxy Nodes|Ubiquiti Patches Critical UniFi OS Flaws Allowing Command Injection and Privilege Escalation|A Hacker Claims 35 GB of Accenture Source Code. The Company discloses the data breach|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|GodDamn Ransomware Uses PoisonX to Blind Security Software|AssuranceAmerica Breach Exposes 7 Million Driver’s Licenses After Employee Account Hack|Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)|Fake VPN and 7-Zip Apps Turn Victims Into Residential Proxy Nodes|Ubiquiti Patches Critical UniFi OS Flaws Allowing Command Injection and Privilege Escalation|A Hacker Claims 35 GB of Accenture Source Code. The Company discloses the data breach|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

MPlayer and VLC media player affected by critical flaw CVE-2018-4013

Cisco Talos expert discovered a code execution vulnerability (CVE-2018-4013) that has been identified in Live Networks LIVE555 streaming media RTSPServer. Lilith Wyatt, a security researcher at Cisco Talos, has discovered a critical remote code execution vulnerability  (CVE-2018-4013) in the LIVE555 media streaming library that is used by popular media players, including VLC and MPlayer. LIVE555 […]

VLC player flaw

Cisco Talos expert discovered a code execution vulnerability (CVE-2018-4013) that has been identified in Live Networks LIVE555 streaming media RTSPServer.

Lilith Wyatt, a security researcher at Cisco Talos, has discovered a critical remote code execution vulnerability  (CVE-2018-4013) in the LIVE555 media streaming library that is used by popular media players, including VLC and MPlayer.

LIVE555 Streaming Media is a set of open-source C++ libraries maintained by Live Networks Inc. for multimedia streaming, it supports open standards such as RTP/RTCP and RTSP for streaming.
LIVE555 Streaming Media is able to process video RTP payload formats such as H.264, H.265, MPEG, VP8, and DV, and audio RTP payload formats such as MPEG, AAC, AMR, AC-3 and Vorbis.
An attacker can exploit the vulnerability by sending a specially crafted packet  containing multiple “Accept:” or “x-sessioncookie” strings that triggers a stack-based buffer overflow, resulting in code execution.

The vulnerability affects the HTTP packet parsing functionality that analyzes HTTP headers for RTSP tunneling over HTTP.

“An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability.” reads the advisory published by Talos.

The CVE-2018-4013  flaw potentially exposes millions of users of media players to cyber attacks.

The flaw affects Live Networks LIVE555 Media Server, version 0.92 and likely the earlier version of the product, a security update has already been issued to address the vulnerability.

Users of vulnerable media players are recommended to update their installs to the latest version.

Experts released the following SNORT rules to detect attempts to exploit these vulnerabilities:

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – CVE-2018-4013 VLC RCE, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]