Added: 05/09/2012
CVE: CVE-2012-1775
BID: 53391
OSVDB: 80188
VLC media player is a media player supporting various audio and video formats for multiple platforms.
VLC Player versions 2.0.0 and lower do not properly validate the hostname when accessing MMS URIs. An overly long hostname may trigger a stack overflow. If a user were to view a malicious web page that contained a specially crafted MMS URI, it could allow an attacker to gain execution privileges on the userβs system.
Upgrade to VLC 2.0.1 or later.
<http://www.videolan.org/security/sa1201.html>
This exploit has been tested against VideoLAN VLC Media Player 2.0.0 on Windows XP SP3 English (DEP OptIn), using Internet Explorer 7.
Windows