VLC Media Player SMB 'Win32AddConnection()' BOF Vulnerability - July09 (Win) Network Vulnerability

Summary

This host is installed with VLC Media Player and is prone to Stack-Based Buffer Overflow Vulnerability.

Impact

Successful exploitation allows attackers to execute arbitrary code, and can casue application crash. Impact Level: Application

Solution

Apply the available patch from below link, http://git.videolan.org/?p=vlc.git a=commit h=e60a9038b13b5eb805a76755efc5c6d5e080180f ***** NOTE: Ignore this warning if above mentioned patch is already applied. *****

Insight

Stack-based Buffer overflow error in the 'Win32AddConnection' function in modules/access/smb.c while processing a specially crafted long 'smb://' URI within a playlist.

Affected

VLC Media Player version 0.9.9 and prior on Windows.

References

http://secunia.com/advisories/35558
http://www.vupen.com/english/advisories/2009/1714

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-2484
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

ALLMediaServer Request Handling Buffer Overflow Vulnerability
ALLMediaServer Request Handling Stack Buffer Overflow Vulnerability
Dell Webcam 'crazytalk4.ocx' ActiveX Multiple BOF Vulnerabilities
Buffer overflow in Apple Quicktime Player
Adobe Reader Multiple BOF Vulnerabilities - Jun09 (Linux)

Take action and discover your vulnerabilities