
> The article implies that VLC and the others are affected by the same issue (leading to code execution), but according to available information it seems to be completely different issues.

Yes, those are very different issues.

From what I understood, one is an XSS (popcorn-time), one is a heap-based buffer overflow (VLC), and one is a zip-traversal (Kodi).

And tbh, I don't see how you can exploit the bug for VLC (with ASLR and HEASLR).




Easy, you cannot count on an executable always being compiled and executed in an OS with ASLR and HEASLR enabled.

So it becomes a game of luck getting some users exploited.



