| Name | VLC.Media.Player.SMB.Win32AddConnection.Buffer.Overflow |
| Last Updated Date | Jan 28, 2010 |
| Release Date | Aug 27, 2009 |
| Severity | High |
| Impact | System Compromise: Remote attackers can gain control of vulnerable systems. |
| Description | This indicates an attempt to exploit a stack-based buffer overflow vulnerability in VLC media player. The issue is caused by an error when the vulnerable software handles an overlong "smb://" URI in an XSPF (XML Shareable Playlist Format) file. It allows a remote attacker to execute arbitrary code by sending a crafted XSPF file. |
| Affected Products | VLC Media Player version 0.9.9 and prior (Windows) |
| Recommended Actions | Apply the patch, available from the web site: http://git.videolan.org/?p=vlc.git;a=commit;h=e60a9038b13b5eb805a76755efc5c6d5e080180f |
| Reference/s | http://www.securityfocus.com/bid/35500 (BugTraq), http://www.vupen.com/english/advisories/2009/1714 (FrSIRT), http://www.milw0rm.com/exploits/9029, http://www.milw0rm.com/exploits/9303, http://www.milw0rm.com/exploits/9318 |
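
A defensive triage check for the condition described above, as an added example that is not part of the original advisory or of VLC: it scans an XSPF playlist for overlong "smb://" URIs before the file reaches a player. The 255-character threshold, the function name and the sample playlists are assumptions; the advisory does not state the overflow length.

```python
import re
import xml.etree.ElementTree as ET

# Assumed triage threshold; the advisory does not state the overflow length.
MAX_SMB_URI_LEN = 255
SMB_RE = re.compile(r"smb://[^\s<>\"']*", re.IGNORECASE)


def find_overlong_smb_uris(xspf_text, limit=MAX_SMB_URI_LEN):
    """Return (where, length) for every smb:// URI longer than `limit`."""
    hits = []
    try:
        root = ET.fromstring(xspf_text)
    except ET.ParseError:
        # A malformed playlist may still be opened by a player, so fall back
        # to a raw text scan instead of skipping the file.
        for m in SMB_RE.finditer(xspf_text):
            if len(m.group()) > limit:
                hits.append(("raw", len(m.group())))
        return hits
    for elem in root.iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix
        # Check element text and attribute values alike.
        values = [elem.text or ""] + list(elem.attrib.values())
        for value in values:
            value = value.strip()
            if value.lower().startswith("smb://") and len(value) > limit:
                hits.append((tag, len(value)))
    return hits


# Constructed samples: plain filler characters only.
BENIGN = """<playlist version="1" xmlns="http://xspf.org/ns/0/">
  <trackList>
    <track><location>smb://fileserver/media/clip.avi</location></track>
  </trackList>
</playlist>"""

SUSPICIOUS = BENIGN.replace("clip.avi", "x" * 1000 + ".avi")

if __name__ == "__main__":
    for name, doc in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(name, find_overlong_smb_uris(doc))
```

A check like this is only a pre-filter for mail or download gateways; the fix for affected installations remains the patch listed under Recommended Actions.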