VideoLAN patches vulnerability related to playing Adobe Flash (.SWF) files

Posted 09 July 2018 23:59 CET by Jan Willem Aldershoff

The developers of the popular open source VLC player are warning of a vulnerability in their software that allows an attacker to execute malicious code with the privileges of the user account. For the attack to succeed, the victim has to open a malicious Adobe Flash file with VLC.

The vulnerability is listed under CVE-2018-11516 and all VLC versions before version 3.0.2 are vulnerable. Simply using a vulnerable VLC version to open a malicious Adobe Flash (.SWF) file, or a malicious Adobe Flash-based stream, is sufficient to become the victim of an attack. The malicious file or stream will either trigger a crash or execute arbitrary code with user privileges.

VideoLAN, the developer of VLC, warns that users should not open untrusted Adobe Flash files or streams until they have updated to VLC 3.0.2. The latest version is currently VLC 3.0.3, and it can be downloaded from the VideoLAN website. VLC also has an auto-update feature that will prompt you when a new version is available.

