Added: 09/11/2009
CVE: CVE-2009-2484
BID: 35500
OSVDB: 55509
VLC media player is a media player supporting various audio and video formats for multiple platforms.
A stack-based buffer overflow vulnerability in the Win32AddConnection function may allow a remote attacker to execute arbitrary commands on Windows systems when a user opens a playlist file with a long smb URI (smb://).
Apply the Git repository patch or upgrade to a VLC media player version higher than 1.0.1 when it becomes available.
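For systems that cannot be patched or upgraded yet, the following added example (not part of the original advisory and not VLC code) scans playlist files for unusually long smb:// URIs so they can be reviewed before anyone opens them. The 260-byte threshold (Windows MAX_PATH), the extension list and the sample playlist are assumptions constructed for illustration; the advisory does not state the size of the affected buffer.

```python
import os
import re
import sys

# Assumption: 260 bytes (Windows MAX_PATH) as a conservative alert threshold.
MAX_SMB_URI_LEN = 260
# Assumption: common playlist extensions; adjust to local usage.
PLAYLIST_EXTS = {".m3u", ".m3u8", ".pls", ".xspf", ".asx"}

# Bytes pattern: an smb:// URI runs until ASCII whitespace, a quote, or an
# XML tag boundary, so M3U lines, PLS "FileN=" values and XSPF <location>
# elements are all covered without a per-format parser.
SMB_URI_RE = re.compile(rb"smb://[^\s\"'<>]*", re.IGNORECASE)

def find_long_smb_uris(data, limit=MAX_SMB_URI_LEN):
    """Return [(line_number, uri_length)] for smb:// URIs longer than limit."""
    findings = []
    for match in SMB_URI_RE.finditer(data):
        length = len(match.group(0))
        if length > limit:
            lineno = data.count(b"\n", 0, match.start()) + 1
            findings.append((lineno, length))
    return findings

def scan_tree(root, limit=MAX_SMB_URI_LEN):
    """Walk root and map each playlist path to its findings (if any)."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in PLAYLIST_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    hits = find_long_smb_uris(fh.read(), limit)
            except OSError:
                continue  # unreadable file: skip it
            if hits:
                results[path] = hits
    return results

# Constructed sample playlist (not taken from any real exploit file).
SAMPLE_PLAYLIST = (
    b"#EXTM3U\n"
    b"smb://fileserver/media/track01.mp3\n"
    b"smb://fileserver/" + b"A" * 400 + b"\n"
    b"<location>smb://nas/share/" + b"B" * 300 + b"</location>\n"
)

if __name__ == "__main__":
    for path, hits in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for lineno, length in hits:
            print(f"{path}:{lineno}: smb:// URI of {length} bytes")
```

The scan works on raw bytes, so non-UTF-8 content in a playlist cannot split or hide a long URI.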
<http://www.securityfocus.com/bid/35500>
Exploit works on Windows XP SP3 English with DEP enabled.
It may take longer than usual to establish the connection after successful exploitation.
Windows