Two critical heap corruption vulnerabilities have been discovered in the rarely used decoder for the CDG format in the VLC player. These index validation bugs could theoretically allow a maliciously crafted CDG video to corrupt the heap in a deliberate manner and potentially execute injected code.
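As an illustration of this class of bug (an added example, not VLC's code and not the patched function), the sketch below decodes a CD+G "tile block" packet and validates the row and column indices it carries before writing into the frame buffer. The packet layout follows the CD+G subcode format as commonly documented; the type and function names are hypothetical, and the sample packet is constructed.

```c
#include <stdint.h>
#include <string.h>

#define CDG_PACKET_SIZE 24        /* command, instruction, 2 parity, 16 data, 4 parity */
#define CDG_WIDTH  300            /* full CD+G screen in pixels */
#define CDG_HEIGHT 216
#define TILE_W 6
#define TILE_H 12
#define CDG_CMD 9
#define CDG_INST_TILE_BLOCK 6

typedef struct { uint8_t px[CDG_HEIGHT][CDG_WIDTH]; } cdg_screen; /* hypothetical state */

/* Returns 0 when the tile was drawn, -1 when the packet is rejected. */
int cdg_tile_block(cdg_screen *s, const uint8_t *pkt, size_t len)
{
    if (len < CDG_PACKET_SIZE) return -1;
    if ((pkt[0] & 0x3F) != CDG_CMD || (pkt[1] & 0x3F) != CDG_INST_TILE_BLOCK)
        return -1;
    const uint8_t *d = pkt + 4;              /* the 16 data bytes */
    uint8_t color0 = d[0] & 0x0F, color1 = d[1] & 0x0F;
    unsigned row = d[2] & 0x1F;              /* 5-bit field: 0..31 */
    unsigned col = d[3] & 0x3F;              /* 6-bit field: 0..63 */
    unsigned y0 = row * TILE_H, x0 = col * TILE_W;
    /* The bit masks alone are not a bounds check: only 18 rows x 50 columns
       of tiles fit on screen, so larger indices must be rejected here. */
    if (y0 + TILE_H > CDG_HEIGHT || x0 + TILE_W > CDG_WIDTH)
        return -1;
    for (unsigned y = 0; y < TILE_H; y++) {
        uint8_t bits = d[4 + y] & 0x3F;      /* one 6-pixel row of the tile */
        for (unsigned x = 0; x < TILE_W; x++)
            s->px[y0 + y][x0 + x] = ((bits >> (TILE_W - 1 - x)) & 1) ? color1 : color0;
    }
    return 0;
}

/* Constructed sample: build a tile packet for (row, col) and decode it. */
static cdg_screen demo_screen;
int demo_tile(uint8_t row, uint8_t col)
{
    uint8_t pkt[CDG_PACKET_SIZE] = {0};
    pkt[0] = CDG_CMD; pkt[1] = CDG_INST_TILE_BLOCK;
    pkt[4] = 1; pkt[5] = 2; pkt[6] = row; pkt[7] = col;
    memset(pkt + 8, 0x3F, TILE_H);           /* every pixel uses colour 1 (value 2) */
    return cdg_tile_block(&demo_screen, pkt, sizeof pkt);
}

int main(void) { return (demo_tile(17, 49) == 0 && demo_tile(31, 63) == -1) ? 0 : 1; }
```

Without the range check, a packet with row 31 and column 63 would write well past the end of the buffer, which is the kind of heap corruption the report describes.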
In response to these bugs, and to a problem with the Real demuxer which could allow a remote denial of service attack, VLC V1.1.6 has been released. Other changes in V1.1.6 include faster WebM/VP8 decoding.
V1.1.5 of VLC has been downloaded 58 million times since its release two months ago. The fixes address potentially exploitable vulnerabilities, although no practical exploits have been documented. The same can’t be said, however, for the Opera Web browser.
Back in January, a bug report posted by Jordi Chancel identified a vulnerability in Opera’s handling of an HTML “select” element containing an overly large number of children. This bug could be exploited by remote attackers to take complete control of a vulnerable system.
It now appears that VUPEN have succeeded in exploiting this bug to inject and execute code. This means that specially crafted web pages could exploit the vulnerability and infect Windows systems with malware. The bug has been confirmed in Opera 11.00 and earlier, and in 10.63 and earlier, on Windows 7 and XP SP3. At present there’s no patch or update for the problem.