Summary
VLC Media Player is installed on this host and is prone to a stack-based buffer overflow vulnerability.
Impact
Successful exploitation allows attackers to execute arbitrary code and can cause an application crash.
Impact Level: Application
Solution
Apply the patch available from the link below:
http://git.videolan.org/?p=vlc.git;a=commit;h=e60a9038b13b5eb805a76755efc5c6d5e080180f
*****
NOTE: Ignore this warning if the above-mentioned patch is already applied.
*****
Insight
A stack-based buffer overflow occurs in the 'Win32AddConnection' function in modules/access/smb.c while processing a specially crafted long 'smb://' URI within a playlist.
Affected
VLC Media Player version 0.9.9 and prior on Windows.
References
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2009-2484
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- BS.Player '.bsl' File Buffer Overflow Vulnerabilities
- Adobe Reader 'Plug-in' Buffer Overflow Vulnerability (Windows)
- Anzio Web Print Object ActiveX Control Remote BOF Vulnerability
- Apple Safari 'CSS' Buffer Overflow Vulnerability (Win) - Dec09
- ActiveFax RAW Server Multiple Buffer Overflow Vulnerabilities