What's VLC?

VLC is a popular cross-platform media player with a large library of codecs. It can be run as a browser plug-in. For more information, see http://www.videolan.org/vlc/.

Why cover VLC?

Since VLC can be run as a browser plug-in, it presents a significant attack surface. Through libraries such as PluginDetect, a malicious website can determine if a user is running a vulnerable version of VLC. Furthermore, there are several publicly-available exploits for vulnerabilities in older VLC versions. Since VLC will inform the user that updates are available but will not automatically download and install them, users may easily be running vulnerable VLC instances which a malicious web site can automatically detect and exploit.

We are indebted to Chester Wisniewski for this observation, which he made in his talk, "Inside the Black Hole Exploit Kit (BHEK)" at SecTor 2012.

Great! How do I use this new coverage?

All VLC checks are authenticated, so you must provide credentials. On supported Linux distributions, coverage is provided by checks based on the vendors' advisories which look at the RPM or DEB package version. On Windows and Mac OS X, include the new "VideoLAN VLC" category in your scan template to run these checks.