VLC Media Player File Opening Insecure Library Loading Vulnerability (Win) Network Vulnerability

Summary

This host is installed with VLC media player and is prone to insecure library loading vulnerability.

Impact

Successful exploitation will allow the attackers to execute arbitrary code and conduct DLL hijacking attacks. Impact Level: Application.

Solution

Upgrade to VLC version 1.1.4 or apply patch from below link, For updates refer to http://www.videolan.org/vlc/

Insight

The flaw is due to the application insecurely loading certain librairies from the current working directory, which could allow attackers to execute arbitrary code by tricking a user into opening a file from a network share.

Affected

VLC Media Player version 1.1.3 and prior.

References

http://secunia.com/advisories/41107
http://www.exploit-db.com/exploits/14750/
http://www.openwall.com/lists/oss-security/2010/08/25/9
http://www.openwall.com/lists/oss-security/2010/08/25/10
http://www.vupen.com/english/advisories/2010/2172

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3124
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Acrobat Remote Code Execution Vulnerability(Win)
Adobe Air Multiple Vulnerabilities - December12 (Windows)
Adobe Acrobat Multiple Unspecified Vulnerabilities-01 Sep13 (Mac OS X)
Adobe Acrobat Multiple Vulnerabilities - 01 Jan14 (Windows)
Adobe AIR Multiple Vulnerabilities-01 Sep13 (Mac OS X)

Take action and discover your vulnerabilities