
VLC 2.1.3 - (.avs file) Crash PoC

01 Jul 2014 00:00:00. Reported by RootType. Source: seebug (www.seebug.org)

VLC 2.1.3 WriteAV Vulnerability, (.avs file) Crash PoC, Impact Med/High, Windows 7 64 bit

Code

# Exploit Title: VLC 2.1.3 WriteAV Vulnerability, Decoders
# Date: 2014/02/20
# Exploit Author: kw4
# Software Link: http://www.videolan.org/vlc/index.html
# Version: 2.1.3
# Impact Med/High
# Tested on: Windows 7 64 bits

Memory corruption when VLC tries to load crafted .avs files.

(2b10.2750): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=1a6fdbf8 ebx=15778b88 ecx=00000310 edx=1a2843c0 esi=1a284360 edi=00000311
eip=540716b4 esp=1b34fd50 ebp=00000480 iopl=0         nv up ei pl nz na po nc

HostMachine\HostUser
Executing Processor Architecture is x86
Debuggee is in User Mode
Debuggee is a live user mode debugging session on the local machine
Event Type: Exception
Exception Faulting Address: 0x1a285000
First Chance Exception Type: STATUS_ACCESS_VIOLATION (0xC0000005)
Exception Sub-Type: Write Access Violation

Faulting Instruction:540716b4 fstp dword ptr [edx+ecx*4]

Exception Hash (Major/Minor): 0xf1ffd179.0x98f1d37c

 Hash Usage : Stack Trace:
Major+Minor : libmpgatofixed32_plugin+0x16b4
Major+Minor : libvlccore!vlc_getProxyUrl+0x411
Major+Minor : libvlccore!aout_FiltersPlay+0x7a
Major+Minor : libvlccore!aout_CheckChannelExtraction+0x17f3
Major+Minor : libvlccore!input_Control+0x1431
Minor       : libvlccore!input_Control+0x1708
Minor       : libvlccore!input_Control+0x33c5
Minor       : ntdll!RtlImageNtHeader+0x30e
Minor       : libvlccore!vlc_threadvar_set+0x24
Minor       : libvlccore!vlc_threadvar_delete+0x128
Minor       : msvcrt!endthreadex+0x6c
Minor       : kernel32!BaseThreadInitThunk+0x12
Excluded    : ntdll!RtlInitializeExceptionChain+0x63
Excluded    : ntdll!RtlInitializeExceptionChain+0x36
Instruction Address: 0x00000000540716b4

Description: User Mode Write AV
Short Description: WriteAV
Exploitability Classification: EXPLOITABLE
Exploitable - User Mode Write AV starting at libmpgatofixed32_plugin+0x00000000000016b4 (Hash=0xf1ffd179.0x98f1d37c)


0:010> kd
176efd68  00000102
176efd6c  573a5f11 libvlccore!vlc_getProxyUrl+0x411
176efd70  00000001
176efd74  7efde000
176efd78  176efd98
176efd7c  1a1d2fc8
176efd80  1a1d2fd8
176efd84  00000001
176efd88  00000001
176efd8c  5737dcca libvlccore!aout_FiltersPlay+0x7a
176efd90  15a9cd44
176efd94  1a16ab88
176efd98  00000002
176efd9c  00000000
176efda0  00000000
176efda4  00002710
176efda8  00000000
176efdac  1a16ab88
176efdb0  000283e4
176efdb4  000003e8


Exploit-DB mirror: http://www.exploit-db.com/sploits/31899.avs
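
A triage check on the dump above, added here as an example and not part of the original report: it recomputes the effective address of the faulting fstp dword ptr [edx+ecx*4] from the logged registers, compares it with the reported faulting address, and shows where the write lands within its page. The 4 KiB page size and all function names are assumptions of this example.

```python
import re

# Excerpt of the debugger output in the report above, wrapped lines joined.
CRASH_LOG = """\
eax=1a6fdbf8 ebx=15778b88 ecx=00000310 edx=1a2843c0 esi=1a284360 edi=00000311
eip=540716b4 esp=1b34fd50 ebp=00000480 iopl=0         nv up ei pl nz na po nc
Exception Faulting Address: 0x1a285000
Exception Sub-Type: Write Access Violation
Faulting Instruction:540716b4 fstp dword ptr [edx+ecx*4]
"""

PAGE_SIZE = 0x1000  # assumption: 4 KiB pages
OPERAND_SIZES = {"byte": 1, "word": 2, "dword": 4, "qword": 8}
REG_RE = re.compile(r"\b(e(?:ax|bx|cx|dx|si|di|ip|sp|bp))=([0-9a-f]{8})\b")


def parse_registers(log):
    """Collect 32-bit registers from WinDbg-style 'reg=hex' pairs."""
    return {name: int(value, 16) for name, value in REG_RE.findall(log)}


def effective_address(operand, regs):
    """Evaluate base [+ index*scale] [+/- hex displacement], modulo 2**32."""
    total = 0
    for sign, term in re.findall(r"([+-]?)([^+-]+)", operand):
        reg, _, scale = term.partition("*")
        if reg in regs:
            value = regs[reg] * int(scale or "1")
        else:
            value = int(term.rstrip("h"), 16)  # WinDbg prints hex displacements
        total += -value if sign == "-" else value
    return total & 0xFFFFFFFF


def triage(log):
    """Cross-check the faulting instruction against the reported address."""
    regs = parse_registers(log)
    size, operand = re.search(r"(\w+) ptr \[([^\]]+)\]", log).groups()
    reported = int(re.search(r"Faulting Address: 0x([0-9a-f]+)", log).group(1), 16)
    computed = effective_address(operand, regs)
    return {
        "computed": computed,
        "matches_report": computed == reported,
        "page_offset": computed % PAGE_SIZE,
        "write_size": OPERAND_SIZES[size],
    }


if __name__ == "__main__":
    r = triage(CRASH_LOG)
    print(f"{r['write_size']}-byte write to {r['computed']:#010x}, "
          f"page offset {r['page_offset']:#x}, matches report: {r['matches_report']}")
```

For this dump the computed address equals the reported 0x1a285000 and the page offset is 0, so the 4-byte store begins exactly at the start of a page.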
                              
