Security hole in VLC Player

The popular open-source media player known as the VLC Player is found to have a security hole exploitable by arbitrary code.

Torrent-watching Web site TorrentFreak is reporting a major security hole in the popular open-source media player VideoLAN, also known as the VLC Player (download for Windows and Mac. "The reported vulnerability makes it possible for a malicious user to run arbitrary code, potentially taking remote control of the host machine," according to TorrentFreak.

The hole gets exploited from a subtitle file buffer overflow, and it's platform independent--meaning it could strike users of Mac and Linux operating systems, as well as Windows fans. VLC users who avoid subtitle files won't face any problems. Another solution is to use the nightly builds, although those are less stable than the supported release.

VLC is popular for being a lightweight player that comes with nearly every codec imaginable, making it an excellent player to handle whatever video format you might be downloading from the Web or torrenting.

There has been no word as to whether this affects the portable version of the player, nor has there been an announcement concerning a security patch or a product upgrade at the time of writing.