Lucene search

K
saintSAINT CorporationSAINT:F7940C4008BBDAB6FD9DE9E965AF7233
HistoryMay 09, 2012 - 12:00 a.m.

VideoLAN VLC Media Player MMS URI Stack Overflow

2012-05-0900:00:00
SAINT Corporation
www.saintcorporation.com
27

EPSS

0.964

Percentile

99.6%

Added: 05/09/2012
CVE: CVE-2012-1775
BID: 53391
OSVDB: 80188

Background

VLC media player is a media player supporting various audio and video formats for multiple platforms.

Problem

VLC Player versions 2.0.0 and lower do not properly validate the hostname when accessing MMS URIs. An overly long hostname may trigger a stack overflow. If a user were to view a malicious web page that contained a specially crafted MMS URI, it could allow an attacker to gain execution privileges on the user’s system.

Resolution

Upgrade to VLC 2.0.1 or later.

References

<http://www.videolan.org/security/sa1201.html&gt;

Limitations

This exploit has been tested against VideoLAN VLC Media Player 2.0.0 on Windows XP SP3 English (DEP OptIn), using Internet Explorer 7.

Platforms

Windows