Intrusion Prevention

VideoLan.VLC.Media.Player.Format.String

Description

VLC media player has a format-string vulnerability. A remote attacker could execute arbitrary code on the system via an M3U file containing a specially crafted udp:// URL with format string specifiers.
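For triage of playlists from untrusted sources, the sketch below flags udp:// entries in an M3U file that carry printf-style conversion specifications. It is an added example, not code from VideoLAN or from this signature; the function name `scan_m3u`, the sample playlist and its addresses are constructed, and it assumes a legitimate udp:// entry has no reason to contain `%`.

```python
import re

# printf-style conversion specification: '%', optional positional argument
# (e.g. 5$), flags, width, precision, length modifier, conversion character.
FORMAT_SPEC = re.compile(
    r"%(?:\d+\$)?[-+ #0]*(?:\d+|\*)?(?:\.(?:\d+|\*))?"
    r"(?:hh|h|ll|l|j|z|t|L)?[diouxXeEfFgGaAcspn]"
)


def scan_m3u(text):
    """Return (line_number, url, specifiers) for each suspicious udp:// entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        # Blank lines and '#' lines (#EXTM3U, #EXTINF, comments) are not entries.
        if not line or line.startswith("#"):
            continue
        # Only udp:// entries are checked. In http:// or file paths, URL
        # percent-encoding such as "%20o" would also match the pattern, so
        # scanning them would produce false positives.
        if not line.lower().startswith("udp://"):
            continue
        specs = [m.group(0) for m in FORMAT_SPEC.finditer(line)]
        if specs:
            findings.append((lineno, line, specs))
    return findings


# Constructed sample playlist (not taken from a real incident).
SAMPLE = "\n".join([
    "#EXTM3U",
    "#EXTINF:-1,Lobby stream",
    "udp://@239.255.0.1:1234",
    "#EXTINF:-1,Archive",
    "http://media.example.test/clip%20one.mp4",
    "#EXTINF:-1,Untrusted entry",
    "udp://@239.255.0.2:1234/%08x.%08x.%n",
])

if __name__ == "__main__":
    for lineno, url, specs in scan_m3u(SAMPLE):
        print(f"line {lineno}: {url} -> {specs}")
```

A hit is a reason to quarantine the playlist, not proof of an exploit attempt; upgrading VLC remains the fix.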

Affected Products

VideoLAN VLC versions 0.7.0 through 0.8.6

Impact

System compromise.

Recommended Actions

Upgrade to the latest version, available from the VideoLAN web site:
http://www.videolan.org/vlc/

CVE References

CVE-2007-0017