VLC Media Player Subtitle StripTags() Function Memory Corruption

2011.02.09
Risk: High
Local: No
Remote: Yes
CWE: CWE-119


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Source: http://www.securityfocus.com/bid/46008/info

VLC media player is prone to a heap-based memory-corruption vulnerability. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

An attacker can exploit this issue by enticing an unsuspecting user to open a malicious media file containing malicious subtitles with the vulnerable application.

The following proof-of-concept commands are available:

1. echo -ne '<foo\0crashme' | dd conv=notrunc bs=1 seek=877862 \
   of=refined-australia-blu720p-sample.mkv
2. vlc --sub-language English refined-australia-blu720p-sample.mkv
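The proof-of-concept payload is an unterminated tag followed by a NUL byte and further data. The block below is an added example, not VLC's StripTags() and not code from the advisory: a tag stripper that sizes its heap buffer from the text it will actually scan and treats a missing '>' as end of input. The name strip_tags_bounded, the explicit length parameter, and the assumption that the flaw involves scanning past the string terminator are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: the byte string written by the advisory's echo command. */
static const char poc_bytes[] = "<foo\0crashme";

/* Hypothetical helper (not VLC's code): return a newly allocated copy of the
 * first `len` bytes of `src` with <...> tags removed. Caller frees the result. */
char *strip_tags_bounded(const char *src, size_t len)
{
    /* The text ends at the first NUL or at len, whichever comes first. */
    const char *nul = memchr(src, '\0', len);
    size_t n = nul ? (size_t)(nul - src) : len;

    /* Every output byte consumes one input byte, so n + 1 always suffices. */
    char *out = malloc(n + 1);
    if (out == NULL)
        return NULL;

    size_t i = 0, o = 0;
    while (i < n) {
        if (src[i] == '<') {
            /* Search for '>' only inside the remaining text. */
            const char *close = memchr(src + i, '>', n - i);
            if (close == NULL)
                break;              /* unterminated tag: stop at end of text */
            i = (size_t)(close - src) + 1;
        } else {
            out[o++] = src[i++];
        }
    }
    out[o] = '\0';
    return out;
}

int main(void)
{
    char *s = strip_tags_bounded(poc_bytes, sizeof poc_bytes - 1);
    if (s == NULL)
        return 1;
    printf("stripped length: %zu\n", strlen(s));
    free(s);
    return 0;
}
```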

References:

http://www.openwall.com/lists/oss-security/2011/01/25/9
http://www.openwall.com/lists/oss-security/2011/01/25/7
http://mailman.videolan.org/pipermail/vlc-devel/2011-January/078607.html
http://git.videolan.org/gitweb.cgi?p=vlc/vlc-1.1.git;a=tag;h=bb16813ddb61a53113c71bccc525559405785452
http://xforce.iss.net/xforce/xfdb/65029
http://www.vupen.com/english/advisories/2011/0225
http://www.securityfocus.com/bid/46008
http://www.exploit-db.com/exploits/16108
http://mailman.videolan.org/pipermail/vlc-devel/2011-January/078614.html

