Latest VLC version has dangerous hole

[Ink]

The developers of the VLC video player have warned of a crashing bug in the latest 2.0.5 version of the application, which might be exploited to execute arbitrary code. The issue is a problem in the ASF demuxer (libasf_plugin.*), which can be tricked into overflowing a buffer with a specially crafted ASF movie. The developers note that users would have to open that specially crafted file to be vulnerable and advise users to not open files from untrusted third parties or untrusted sites.

Source : H-Online.com

 

[McLovin]

Good thing I'm using WMP at the moment. Thanks for the heads up anyway.

 

[Jack]

Good thing I'm using WMP at the moment. Thanks for the heads up anyway.

I never understood why VLC is so popular... A lot of my friends have or heard about VLC.
Does VLC use auto-update or user need to search for the update?

 

[WinAndLinuxTutorials]

Good thing I'm using WMP at the moment. Thanks for the heads up anyway.

I never understood why VLC is so popular... A lot of my friends have or heard about VLC.
Does VLC use auto-update or user need to search for the update?

It has a pop up dialog when you start it up telling you whether to update or not. Anyway with Secunia PSI I remember it is going to be automatically updated.

 

[McLovin]

I never understood why VLC is so popular... A lot of my friends have or heard about VLC.

VLC is good, because there are videos that I've obtained that are able to be played in WMP, just I see no point installing when you can just use WMP for most of people's daily needs.