VLC Media Player Libmodplug CSoundFile::ReadS3M() Function S3M File Handling Overflow
Added: 05/26/2011CVE: CVE-2011-1574
OSVDB: 72143
Background
VideoLAN VLC media player is a media player supporting various audio and video formats for multiple platforms.Problem
VLC media player is vulnerable to a stack buffer overflow because the ReadS3M() function in libmodplug fails to properly sanitize user-supplied input. A remote attack who entices a user to open a specially crafted file in the vulnerable VLC media player could potentially execute arbitrary code.Resolution
Upgrade to VLC 1.1.9 or higher.References
http://secunia.com/advisories/44054/Limitations
Exploit runs on VideoLAN VLC media player 1.1.8.Platforms
WindowsBack to exploit index