Forum Thread: VLC Media Player Insecure Library Loading Vulnerability

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Vulnerabilities

See the original Secunia advisory:
VLC Media Player Insecure Library Loading Vulnerability

Secunia VLC Media Player Insecure Library Loading Vulnerability
Secunia Official 28th Aug, 2010 16:08
Ranking: 0
Posts: 0
User Since: -
System Score: -
Location: Copenhagen, DK
A vulnerability has been discovered in VLC Media Player, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to the application loading libraries (e.g. wintab32.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening an MP3 file located on a remote WebDAV or SMB share.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 1.1.3 for Windows. Other versions may also be affected.

davidbassplayer RE: VLC Media Player Insecure Library Loading Vulnerability
Member 28th Aug, 2010 16:08
Score: 2
Posts: 20
User Since: 13th Feb 2008
System Score: N/A
Location: N/A
Last edited on 28th Aug, 2010 16:08
VLC 1.1.4 is available at the VideoLan web site. PCI doesn't think it corrects the vulnerability. Does it?
Was this reply relevant?
+0
-0
dracudok RE: VLC Media Player Insecure Library Loading Vulnerability
Member 28th Aug, 2010 19:54
Score: 42
Posts: 26
User Since: 14th Jun 2009
System Score: N/A
Location: DE
Last edited on 28th Aug, 2010 22:43
According to these articles (http://isc.sans.edu/diary.html?storyid=9445 and http://www.h-online.com/security/news/item/Attacke...) there are DLL vulnerabilities in numerous applications, not just VLC player (e.g. Firefox, see http://secunia.com/community/forum/thread/show/529...). VLC player version 1.1.4 is one of the first programs, where this problem is fixed.

dracudok

Edit: See also http://support.microsoft.com/?scid=kb%3Ben-us%3B22... and http://www.microsoft.com/technet/security/advisory...

Edit2: An unofficial list of potentially vulnerable applications can be found here: http://www.corelan.be:8800/index.php/2010/08/25/dl...
Was this reply relevant?
+2
-0