by jdietrich
2733 days ago
Most police forces use VLC to view CCTV recordings and other multimedia evidence. It's an entirely logical choice of software, but it presents an obvious risk in the current climate. I would imagine that many intelligence services use VLC for similar purposes. A nation-state adversary with a VLC RCE 0day could do some serious damage; if they also have an 0day for a popular model of CCTV DVR, they've got the keys to the kingdom. Those DVRs will never get patched and a nation-state adversary could dream up all sorts of ways to induce a police officer or an intelligence agent to play a media file, but at least we can harden VLC.

I'd never considered that an excellent media playback program would be a vector for nation states and entities with nation-state capabilities.