VideoLAN VLC Media Player MMS URI Stack Overflow

2012-05-09T00:00:00
ID SAINT:F7940C4008BBDAB6FD9DE9E965AF7233
Type saint
Reporter SAINT Corporation
Modified 2012-05-09T00:00:00

Description

Added: 05/09/2012
CVE: CVE-2012-1775
BID: 53391
OSVDB: 80188

Background

VLC media player is a media player supporting various audio and video formats for multiple platforms.

Problem

VLC Player versions 2.0.0 and lower do not properly validate the hostname when accessing MMS URIs. An overly long hostname may trigger a stack overflow. If a user were to view a malicious web page that contained a specially crafted MMS URI, it could allow an attacker to gain execution privileges on the user's system.

Resolution

Upgrade to VLC 2.0.1 or later.

References

<http://www.videolan.org/security/sa1201.html>

Limitations

This exploit has been tested against VideoLAN VLC Media Player 2.0.0 on Windows XP SP3 English (DEP OptIn), using Internet Explorer 7.

Platforms

Windows