VLC Media Player MMS Stream Stack Based Buffer Overflow Vulnerability

Bugtraq ID:	53391
Class:	Boundary Condition Error
CVE:	CVE-2012-1775
Remote:	Yes
Local:	No
Published:	May 03 2012 12:00AM
Updated:	Nov 10 2014 12:57AM
Credit:	Florent Hochwelker
Vulnerable:	VideoLAN VLC media player 2.0 Gentoo Linux
Not Vulnerable:	VideoLAN VLC media player 2.0.1

VLC Media Player MMS Stream Stack Based Buffer Overflow Vulnerability

VLC media player is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Versions prior to VLC media player 2.0.1 are vulnerable.

VLC Media Player MMS Stream Stack Based Buffer Overflow Vulnerability

The following example exploit code is available:

Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

• /data/vulnerabilities/exploits/53391.rb

VLC Media Player MMS Stream Stack Based Buffer Overflow Vulnerability

Solution:
Updates are available. Please see the references for details.

VLC Media Player MMS Stream Stack Based Buffer Overflow Vulnerability

References:

• VLC Homepage (VideoLAN)
  
• Stack overflow in VLC MMS support (Florent Hochwelker)