Showing 1 - 2 of 2

CVE-2012-1775

Status Candidate

Overview

Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 allows remote attackers to execute arbitrary code via a crafted MMS:// stream.

Gentoo Linux Security Advisory 201411-01: Posted Nov 5, 2014; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201411-1 - Multiple vulnerabilities have been found in VLC, the worst of which could lead to user-assisted execution of arbitrary code. Versions less than 2.1.2 are affected.; tags | advisory, arbitrary, vulnerability; systems | linux, gentoo; advisories | CVE-2010-1441, CVE-2010-1442, CVE-2010-1443, CVE-2010-1444, CVE-2010-1445, CVE-2010-2062, CVE-2010-2937, CVE-2010-3124, CVE-2010-3275, CVE-2010-3276, CVE-2010-3907, CVE-2011-0021, CVE-2011-0522, CVE-2011-0531, CVE-2011-1087, CVE-2011-1684, CVE-2011-2194, CVE-2011-2587, CVE-2011-2588, CVE-2011-3623, CVE-2012-0023, CVE-2012-1775, CVE-2012-1776, CVE-2012-2396, CVE-2012-3377, CVE-2012-5470, CVE-2012-5855, CVE-2013-1868; SHA-256 | dc80967f563bbb7cad25daadf72cf12d774e1d368369c73dbb4cb2d0f6afafb2; Download | Favorite | View

VLC MMS Stream Handling Buffer Overflow: Posted May 3, 2012; Authored by sinn3r, juan vazquez, Florent Hochwelker | Site metasploit.com; This Metasploit module exploits a buffer overflow in VLC media player VLC media player prior to 2.0.0. The vulnerability is due to a dangerous use of sprintf which can result in a stack buffer overflow when handling a malicious MMS URI. This Metasploit module uses the browser as attack vector. A specially crafted MMS URI is used to trigger the overflow and get flow control through SEH overwrite. Control is transferred to code located in the heap through a standard heap spray. The module only targets IE6 and IE7 because no DEP/ASLR bypass has been provided.; tags | exploit, overflow; advisories | CVE-2012-1775, OSVDB-80188; SHA-256 | 7856c6264ba9fc35e320d076f363c777f1720c644ed1819cf46c0dd75d155ea8; Download | Favorite | View

Page 1 of 1 Back 1 Next