CVSS2: 9.3 High
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
CVSS2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.965 High
Percentile: 99.6%
Added: 09/11/2009
CVE: CVE-2009-2484
BID: 35500
OSVDB: 55509
VLC media player is a media player supporting various audio and video formats for multiple platforms.
A stack-based buffer overflow vulnerability in the Win32AddConnection function may allow a remote attacker to execute arbitrary commands on Windows systems when a user opens a playlist file with a long smb URI (smb://).
Apply the Git repository patch or upgrade to a version of VLC media player later than 1.0.1 when it becomes available.
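For hosts that cannot be patched yet, playlist files can be triaged for the condition described above. The following is an added example, not part of the original advisory or the VLC project: it flags smb:// URIs above a length threshold in playlist text. The 255-character threshold, the function name and the sample playlists are assumptions constructed for illustration; the advisory states only that the URI is "long".

```python
import re

# Assumption: the advisory says only "long"; 255 is an adjustable triage threshold.
MAX_SMB_URI_LEN = 255

# An smb:// URI runs until whitespace, a quote, or an XML angle bracket.
SMB_URI_RE = re.compile(r"smb://[^\s<>\"']+", re.IGNORECASE)


def find_long_smb_uris(playlist_text, max_len=MAX_SMB_URI_LEN):
    """Return (line_number, uri_length) for each smb:// URI longer than max_len."""
    findings = []
    for lineno, line in enumerate(playlist_text.splitlines(), start=1):
        for match in SMB_URI_RE.finditer(line):
            uri = match.group(0)
            if len(uri) > max_len:
                findings.append((lineno, len(uri)))
    return findings


# Constructed sample: a line-oriented playlist with one normal and one overlong URI.
SAMPLE_M3U = "\n".join([
    "#EXTM3U",
    "smb://fileserver/media/talk.avi",
    "smb://fileserver/share/" + "A" * 400 + ".avi",
])

# Constructed sample: an XML playlist with the URI inside a <location> element.
SAMPLE_XSPF = (
    '<playlist version="1"><trackList>\n'
    "<track><location>smb://fileserver/" + "B" * 300 + "</location></track>\n"
    "</trackList></playlist>"
)

if __name__ == "__main__":
    for name, text in (("sample.m3u", SAMPLE_M3U), ("sample.xspf", SAMPLE_XSPF)):
        for lineno, length in find_long_smb_uris(text):
            print(f"{name}:{lineno}: smb:// URI of {length} characters")
```

The scanner reports only line numbers and lengths, so findings can be logged without copying the suspect URI into the alert.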
<http://www.securityfocus.com/bid/35500>
Exploit works on Windows XP SP3 English with DEP enabled.
It may take longer than usual to establish the connection after successful exploitation.
Windows