VideoLan VLC Media Player Remote Format String Vulnerability
BID:21852
Info
| Bugtraq ID: | 21852 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-0017 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 02 2007 12:00AM |
| Updated: | Feb 01 2007 02:28AM |
| Credit: | Kevin Finisterre is credited with the discovery of this vulnerability. |
| Vulnerable: | VideoLAN VLC media player 0.8.6; Gentoo Linux; Debian Linux 3.1 sparc; Debian Linux 3.1 s/390; Debian Linux 3.1 ppc; Debian Linux 3.1 mipsel; Debian Linux 3.1 mips; Debian Linux 3.1 m68k; Debian Linux 3.1 ia-64; Debian Linux 3.1 ia-32; Debian Linux 3.1 hppa; Debian Linux 3.1 arm; Debian Linux 3.1 amd64; Debian Linux 3.1 alpha; Debian Linux 3.1 |
| Not Vulnerable: | VideoLAN VLC media player 0.8.6a |
Discussion
VLC media player is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.
Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the application and to compromise affected computers.
VLC media player version 0.8.6 is vulnerable; other versions may also be affected.
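The defect class described above, shown as an added C example (it is not VLC source code and not part of the advisory). The function names `log_locator_safe` and `count_format_directives` and the sample file name are hypothetical and constructed for illustration; the unsafe call appears only as a comment next to its corrected form.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical logger for an untrusted media locator (not VLC code).
 * VULNERABLE form, kept as a comment so it is never executed:
 *     snprintf(out, outsz, locator);   // input is used as the format string
 * Any conversion directive inside `locator` would then be interpreted
 * by snprintf instead of being treated as text. */

/* Hardened form: the format string is a constant, the input is only data.
 * Returns the number of characters written, or -1 on truncation or error. */
int log_locator_safe(char *out, size_t outsz, const char *locator)
{
    int n = snprintf(out, outsz, "opening: %s", locator);
    return (n < 0 || (size_t)n >= outsz) ? -1 : n;
}

/* Defensive triage: count conversion directives in untrusted text.
 * "%%" is a literal percent sign and is not counted; a trailing lone
 * '%' introduces no directive and is not counted either. */
int count_format_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }   /* escaped percent */
        if (s[1] != '\0')
            count++;
    }
    return count;
}

int main(void)
{
    /* Constructed sample input, not taken from the advisory. */
    const char *sample = "clip_%x_%s_100%%.ogg";
    char line[64];

    if (log_locator_safe(line, sizeof line, sample) >= 0)
        printf("%s (directives in input: %d)\n", line,
               count_format_directives(sample));
    return 0;
}
```

Compiling with `-Wformat -Wformat-security` makes GCC and Clang flag the commented-out pattern when it occurs in real code.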
Exploit / POC
To exploit this issue, an attacker must entice a victim user to open a malicious media file.
The following proofs of concept are available:
Solution / Fix
Solution:
VideoLAN has released version 0.8.6a to address this issue. Please see the references for more information.
VideoLAN VLC media player 0.8.6
- VideoLAN vlc-0.8.6a-win32.exe
  http://www.videolan.org/mirror.php?file=vlc/0.8.6a/win32/vlc-0.8.6a-win32.exe
- VideoLAN vlc-0.8.6a.dmg
  http://www.videolan.org/mirror.html?mirror=http://downloads.videolan.org/pub/videolan/&file=vlc/0.8.6a/macosx/vlc-0.8.6a.dmg
References
References:
- VLC Homepage (VideoLAN)
- MOAB-02-01-2007: VLC Media Player udp:// Format String Vulnerability (Kevin Finisterre)
- Security Advisory 0701: URL format string injection in CDDA and VCDX plugins (VideoLAN)