Lucene search
SAINT CorporationSAINT:061DEE68A4E2251C722865CFA53B776CHistorySep 11, 2009 - 12:00 a.m.
VideoLAN VLC Media Player SMB Module Win32AddConnection Buffer Overflow
2009-09-1100:00:00
SAINT Corporation
www.saintcorporation.com
11
0.965 High
EPSS
Percentile
99.6%
Added: 09/11/2009
CVE: CVE-2009-2484
BID: 35500
OSVDB: 55509
Background
VLC media player is a media player supporting various audio and video formats for multiple platforms.
Problem
A stack-based buffer overflow vulnerability in the Win32AddConnection function may allow a remote attacker to execute arbitrary commands on Windows systems when a user opens a playlist file with a long smb URI (smb://).
Resolution
Apply the GIT repository patch or upgrade to a VLC media player higher than 1.0.1 when it becomes available.
References
<http://www.securityfocus.com/bid/35500>
Limitations
Exploit works on Windows XP SP3 English with DEP enabled.
It may take longer than usual to establish the connection after successful exploitation.
Platforms
Windows
Related
cvelist
cvelist
CVE-2009-2484
2009-07-16 16:00:00
debiancve
debiancve
CVE-2009-2484
2009-07-16 16:30:00
saint
saint
VideoLAN VLC Media Player SMB Module Win32AddConnection Buffer Overflow
2009-09-11 00:00:00
VideoLAN VLC Media Player SMB Module Win32AddConnection Buffer Overflow
2009-09-11 00:00:00
VideoLAN VLC Media Player SMB Module Win32AddConnection Buffer Overflow
2009-09-11 00:00:00
openvas
openvas
cve
cve
CVE-2009-2484
2009-07-16 16:30:00
ubuntucve
ubuntucve
CVE-2009-2484
2009-07-16 00:00:00
checkpoint_advisories
checkpoint_advisories
prion
prion
Stack overflow
2009-07-16 16:30:00
nvd
nvd
CVE-2009-2484
2009-07-16 16:30:00