A vulnerability has been identified in VLC Media Player, which could be exploited by attackers to compromise a vulnerable system. This issue is caused by a buffer overflow error in the "Win32AddConnection()" [modules/access/smb.c] function when processing a specially crafted "smb://" URI within a playlist, which could be exploited by attackers to crash an affected player or compromise a vulnerable Windows system.

Affected Products

VLC Media Player version 0.9.9 and prior (Windows)

Solution

Apply patch :
http://git.videolan.org/?p=vlc.git;a=commit;h=e60a9038b13b5eb805a76755efc5c6d5e080180f

References

http://www.vupen.com/english/advisories/2009/1714
http://git.videolan.org/?p=vlc.git;a=commit;h=e60a9038b13b5eb805a76755efc5c6d5e080180f
http://www.metasploit.com/redmine/projects/framework/repository/revisions/8475

In-depth Binary Analysis

Available in customer area as part of VUPEN Binary Analysis & Exploits Service and VUPEN Vulnerability Notification Service Ultimate Feed Edition.
 

Private Exploit or PoC

Available in customer area as part of VUPEN Binary Analysis & Exploits Service and VUPEN Vulnerability Notification Service Ultimate Feed Edition.
 

Public Exploit or PoC

Available in customer area as part of VUPEN Vulnerability Notification Service.
 

Credits

Vulnerability reported by the vendor.

Changelog

2009-06-29 : Initial release
2009-06-29 : Updated Description

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.