Release DateAug 27, 2009 |
Severityhigh |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attempt to exploit a stack-based buffer overflow vulnerability in VLC media player.This issue is caused by an error when the vulnerable software is handling overlong "smb://" uri in the xspf (XML Shareable Playlist Format ) file. It allows a remote attacker to execute arbitrary code via sending a crafted xspf file. |
Affected ProductsVLC Media Player version 0.9.9 and prior (Windows) |
Recommended ActionsApply patch,available from the web site.http://git.videolan.org/?p=vlc.git;a=commit;h=e60a9038b13b5eb805a76755efc5c6d5e080180f |
Coverage IPS
VCM |
Reference/shttp://www.milw0rm.com/exploits/9318http://www.milw0rm.com/exploits/9303 http://www.milw0rm.com/exploits/9029 http://www.securityfocus.com/bid/35500 (BugTraq) http://www.frsirt.com/english/advisories/2009/1714 (FrSIRT) |
