VideoLAN VLC Media Player MP4_BoxDumpStructure Buffer Overflow

Added: 12/07/2009
BID: 36439
OSVDB: 58217

Background

VLC media player is a media player supporting various audio and video formats for multiple platforms.

Problem

A buffer overflow vulnerability exists in VideoLAN VLC media player due to an error when handling an overly deep box structure in ".mp4" files. A malicious user can exploit this vulnerability to execute arbitrary code by enticing a user to view a specially crafted file.
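
For hosts that cannot be upgraded immediately, media files can be screened for the condition described above. The following is an added example, not part of the original advisory and not VLC code: it walks the box tree of an MP4 byte string and rejects nesting deeper than a limit. The container list, the `MAX_DEPTH` value of 16, the function names and the sample data are assumptions constructed for the example.

```python
import struct

# Assumption: common ISO BMFF container types; a real demuxer may descend into more.
CONTAINERS = {b"moov", b"trak", b"mdia", b"minf", b"stbl", b"dinf",
              b"edts", b"udta", b"mvex", b"moof", b"traf"}
MAX_DEPTH = 16  # hypothetical policy limit, not a value taken from VLC


def max_box_depth(data, limit=MAX_DEPTH):
    """Return the deepest box nesting level; ValueError on bad sizes or depth > limit."""
    deepest = 0
    stack = [(0, len(data), 1)]  # explicit stack: deep nesting cannot exhaust recursion
    while stack:
        pos, end, depth = stack.pop()
        while pos < end:
            if end - pos < 8:
                raise ValueError(f"truncated box header at offset {pos}")
            size, kind = struct.unpack_from(">I4s", data, pos)
            header = 8
            if size == 1:  # 64-bit largesize follows the type field
                if end - pos < 16:
                    raise ValueError(f"truncated largesize at offset {pos}")
                size = struct.unpack_from(">Q", data, pos + 8)[0]
                header = 16
            elif size == 0:  # box extends to the end of its parent
                size = end - pos
            if size < header or size > end - pos:
                raise ValueError(f"bad box size at offset {pos}")
            if depth > limit:
                raise ValueError(f"box nesting exceeds {limit} at offset {pos}")
            deepest = max(deepest, depth)
            if kind in CONTAINERS and size > header:
                stack.append((pos + header, pos + size, depth + 1))
            pos += size
    return deepest


def box(kind, payload=b""):
    """Build one box with a 32-bit size field (constructed test data)."""
    return struct.pack(">I4s", len(payload) + 8, kind) + payload


# Constructed samples: a typical track layout and a 40-level container chain.
NORMAL_TREE = box(b"stsd", b"\x00" * 8)
for kind in (b"stbl", b"minf", b"mdia", b"trak", b"moov"):
    NORMAL_TREE = box(kind, NORMAL_TREE)
NORMAL = box(b"ftyp", b"isom" + b"\x00" * 4) + NORMAL_TREE
DEEP = b""
for _ in range(40):
    DEEP = box(b"udta", DEEP)
```

A file that raises `ValueError` here should be quarantined rather than opened in an unpatched player.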

Resolution

Upgrade to VideoLAN VLC Media Player 1.0.2 or higher.

References

http://www.securityfocus.com/bid/36439

Limitations

Exploit works on Windows XP and Vista.
The VLC ActiveX control must be installed on the target.
The user must open the exploit page in Internet Explorer 6 or 7.

Platforms

Windows
