VLC媒体播放器多个插件格式串处理漏洞

临时解决方法：

* 从VLC插件access目录中手动删除受影响的插件，相关文件名如下：

Microsoft Windows

codec/libvorbis_plugin.dll, codec/libtheora_plugin.dll and access/libcdda_plugin.dll

Apple MacOS X

codec/libvorbis_plugin.dylib, codec/libtheora_plugin.dylib and access/libcdda_plugin.dylib

其他(Linux、BSD..)

codec/libvorbis_plugin.so, codec/libtheora_plugin.so and access/libcdda_plugin.so(通常位于/usr/lib或/usr/local/lib)

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

VideoLAN

--------

http://www.videolan.org/vlc/

来源: US-CERT

名称: VU#200928

链接:http://www.kb.cert.org/vuls/id/200928

来源: www.videolan.org

链接:http://www.videolan.org/sa0702.html

来源: VUPEN

名称: ADV-2007-2262

链接:http://www.frsirt.com/english/advisories/2007/2262

来源: SECUNIA

名称: 25753

链接:http://secunia.com/advisories/25753

来源: BID

名称: 24555

链接:http://www.securityfocus.com/bid/24555

来源: BUGTRAQ

名称: 20070621 VLC 0.8.6b format string vulnerability & integer overflow

链接:http://www.securityfocus.com/archive/1/archive/1/471933/100/0/threaded

来源: MISC

链接:http://www.isecpartners.com/advisories/2007-001-vlc.txt

来源: DEBIAN

名称: DSA-1332

链接:http://www.debian.org/security/2007/dsa-1332

来源: GENTOO

名称: GLSA-200707-12

链接:http://security.gentoo.org/glsa/glsa-200707-12.xml

来源: SECUNIA

名称: 26269

链接:http://secunia.com/advisories/26269

来源: SECUNIA

名称: 25980

链接:http://secunia.com/advisories/25980