Rapid7 Vulnerability & Exploit Database

VideoLAN VLC ModPlug ReadS3M Stack Buffer Overflow

Back to Search

VideoLAN VLC ModPlug ReadS3M Stack Buffer Overflow



This module exploits an input validation error in libmod_plugin as included with VideoLAN VLC 1.1.8. All versions prior to version 1.1.9 are affected. By creating a malicious S3M file, a remote attacker could execute arbitrary code. Although other products that bundle libmodplug may be vulnerable, this module was only tested against VLC. NOTE: As of July 1st, 2010, VLC now calls SetProcessDEPPoly to permanently enable NX support on machines that support it. As such, this module is capable of bypassing DEP, but not ASLR.


  • jduck <jduck@metasploit.com>




Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/windows/fileformat/vlc_modplug_s3m
msf exploit(vlc_modplug_s3m) > show targets
msf exploit(vlc_modplug_s3m) > set TARGET < target-id >
msf exploit(vlc_modplug_s3m) > show options
    ...show and set options...
msf exploit(vlc_modplug_s3m) > exploit

Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.

– Jim O’Gorman | President, Offensive Security