Intrusion Prevention

VLC.Media.Player.SMB.Win32AddConnection.Buffer.Overflow

Description

This indicates an attempt to exploit a stack-based buffer overflow vulnerability in VLC media player.
This issue is caused by an error when the vulnerable software is handling overlong "smb://" uri in the xspf (XML Shareable Playlist Format ) file. It allows a remote attacker to execute arbitrary code via sending a crafted xspf file.

Affected Products

VLC Media Player version 0.9.9 and prior (Windows)

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply patch,available from the web site.
http://git.videolan.org/?p=vlc.git;a=commit;h=e60a9038b13b5eb805a76755efc5c6d5e080180f

CVE References

CVE-2009-2484