module
VLC MMS Stream Handling Buffer Overflow
| Disclosed | Created |
|---|---|
| Mar 15, 2012 | May 30, 2018 |
Disclosed
Mar 15, 2012
Created
May 30, 2018
Description
This module exploits a buffer overflow in VLC media player VLC media player prior
to 2.0.0. The vulnerability is due to a dangerous use of sprintf which can result
in a stack buffer overflow when handling a malicious MMS URI.
This module uses the browser as attack vector. A specially crafted MMS URI is
used to trigger the overflow and get flow control through SEH overwrite. Control
is transferred to code located in the heap through a standard heap spray.
The module only targets IE6 and IE7 because no DEP/ASLR bypass has been provided.
to 2.0.0. The vulnerability is due to a dangerous use of sprintf which can result
in a stack buffer overflow when handling a malicious MMS URI.
This module uses the browser as attack vector. A specially crafted MMS URI is
used to trigger the overflow and get flow control through SEH overwrite. Control
is transferred to code located in the heap through a standard heap spray.
The module only targets IE6 and IE7 because no DEP/ASLR bypass has been provided.
Authors
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.