VLC media player TY file parse_master buffer overflow
Added: 12/04/2008CVE: CVE-2008-4654
BID: 31813
OSVDB: 49181
Background
VLC media player is a media player supporting various audio and video formats for multiple platforms.Problem
A buffer overflow vulnerability in the parse_master function in the Ty demux plugin allows command execution when a user opens a specially crafted TiVo TY media file.Resolution
Upgrade to VLC media player 0.9.5 or higher.References
http://www.videolan.org/security/sa0809.htmlhttp://archives.neohapsis.com/archives/bugtraq/2008-10/0155.html
Limitations
Exploit works on VLC media player 0.9.4 and requires a user to open the exploit file in VLC media player.Platforms
Windows 2000Windows XP
Back to exploit index