{"enchantments": {"score": {"value": 0.9, "vector": "NONE", "modified": "2016-10-03T15:01:58", "rev": 2}, "dependencies": {"references": [], "modified": "2016-10-03T15:01:58", "rev": 2}, "vulnersScore": 0.9}, "reporter": "SAINT Corporation", "id": "SAINT:1B8AFD91AA9AEEBE434B4E9D8EB7B2F0", "cvss": {"score": 0.0, "vector": "NONE"}, "published": "2009-12-07T00:00:00", "bulletinFamily": "exploit", "viewCount": 3, "modified": "2009-12-07T00:00:00", "references": [], "cvelist": [], "description": "Added: 12/07/2009 \nBID: [36439](<http://www.securityfocus.com/bid/36439>) \nOSVDB: [58217](<http://www.osvdb.org/58217>) \n\n\n### Background\n\n[VLC media player](<http://www.videolan.org/vlc/>) is a media player supporting various audio and video formats for multiple platforms. \n\n### Problem\n\nA buffer overflow vulnerability exists in VideoLAN VLC media player due to an error when an overly deep box structure in \".mp4\" files. A malicious user can exploit this vulnerability to execute arbitrary code by enticing a user to view a specially crafted file. \n\n### Resolution\n\nUpgrade to VideoLAN VLC Media Player 1.0.2 or higher. \n\n### References\n\n<http://www.securityfocus.com/bid/36439> \n\n\n### Limitations\n\nExploit works on Windows XP and Vista. \nThe VLC ActiveX control must be installed on the target. \nThe user must open the exploit page in Internet Explorer 6 or 7. \n\n### Platforms\n\nWindows \n \n\n", "type": "saint", "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/vlc_mp4_boxdumpstructure", "lastseen": "2016-10-03T15:01:58", "edition": 1, "title": "VideoLAN VLC Media Player MP4_BoxDumpStructure Buffer Overflow", "immutableFields": []}

{}