This application requires Javascript for optimal performance.

VLC.Media.Player.SMB.Win32AddConnection.Buffer.Overflow

Release Date

Aug 27, 2009

Severity

high

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Description

This indicates an attempt to exploit a stack-based buffer overflow vulnerability in VLC media player.

This issue is caused by an error when the vulnerable software is handling overlong "smb://" uri in the xspf (XML Shareable Playlist Format ) file. It allows a remote attacker to execute arbitrary code via sending a crafted xspf file.

Affected Products

VLC Media Player version 0.9.9 and prior (Windows)

Recommended Actions

Apply patch,available from the web site.
http://git.videolan.org/?p=vlc.git;a=commit;h=e60a9038b13b5eb805a76755efc5c6d5e080180f

Coverage

IPS
VCM

Reference/s

http://www.milw0rm.com/exploits/9318
http://www.milw0rm.com/exploits/9303
http://www.milw0rm.com/exploits/9029
http://www.securityfocus.com/bid/35500 (BugTraq)
http://www.frsirt.com/english/advisories/2009/1714 (FrSIRT)

Reference: VID-17548