module
VLC MMS Stream Handling Buffer Overflow
| Disclosed | Created |
|---|---|
| 2012-03-15 | 2018-05-30 |
Disclosed
2012-03-15
Created
2018-05-30
Description
This module exploits a buffer overflow in VLC media player VLC media player prior
to 2.0.0. The vulnerability is due to a dangerous use of sprintf which can result
in a stack buffer overflow when handling a malicious MMS URI.
This module uses the browser as attack vector. A specially crafted MMS URI is
used to trigger the overflow and get flow control through SEH overwrite. Control
is transferred to code located in the heap through a standard heap spray.
The module only targets IE6 and IE7 because no DEP/ASLR bypass has been provided.
to 2.0.0. The vulnerability is due to a dangerous use of sprintf which can result
in a stack buffer overflow when handling a malicious MMS URI.
This module uses the browser as attack vector. A specially crafted MMS URI is
used to trigger the overflow and get flow control through SEH overwrite. Control
is transferred to code located in the heap through a standard heap spray.
The module only targets IE6 and IE7 because no DEP/ASLR bypass has been provided.
Authors
Florent Hochwelker
sinn3r sinn3r@metasploit.com
juan vazquez juan.vazquez@metasploit.com
sinn3r sinn3r@metasploit.com
juan vazquez juan.vazquez@metasploit.com
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.