Vigil@nce: VLC Media Player, buffer overflow via smb
October 2009 by Vigil@nce
An attacker can invite the victim to open a malicious Playlist
file with VLC Media Player in order to execute code on his
computer.
– Severity: 2/4
– Consequences: user access/rights, denial of service of client
– Provenance: document
– Means of attack: 1 attack
– Ability of attacker: technician (2/4)
– Confidence: unique source (2/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 28/09/2009
IMPACTED PRODUCTS
– Microsoft Windows - plateform
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The VideoLAN VLC program displays multimedia documents.
A Playlist file contains a list of uris pointing to multimedia
documents.
When a "smb://" (SMB/CIFS) uri is too long, its parsing generates
a buffer overflow.
An attacker can therefore invite the victim to open a malicious
Playlist file with VLC Media Player in order to execute code on
his computer.
CHARACTERISTICS
– Identifiers: VIGILANCE-VUL-9050
– Url: http://vigilance.fr/vulnerability/VLC-Media-Player-buffer-overflow-via-smb-9050