Added: 12/04/2008
CVE: CVE-2008-4654
BID: 31813
OSVDB: 49181
VLC media player is a media player supporting various audio and video formats for multiple platforms.
A buffer overflow vulnerability in the parse_master function in the Ty demux plugin allows command execution when a user opens a specially crafted TiVo TY media file.
Upgrade to VLC media player 0.9.5 or higher.
<http://www.videolan.org/security/sa0809.html>
<http://archives.neohapsis.com/archives/bugtraq/2008-10/0155.html>
Exploit works on VLC media player 0.9.4 and requires a user to open the exploit file in VLC media player.
Windows 2000
Windows XP