Security Advisory 0703
Summary : Recursive plugin release vulnerability in
Active X plugin
Date : 30 November 2007
Affected versions : VLC media player 0.8.6 to 0.8.6c
ID : VideoLAN-SA-0703, CORE-2007-1004
CVE reference : CVE-2007-6262
Details
VLC media player's ActiveX plugin is prone to a recursive plugin release vulnerability when being used within specifically crafted websites.
Impact
If successful, a malicious third party could use this vulnerability to overwrite memory zones and execute arbitrary code within the context of the VLC media player's ActiveX plugin (i.e. acquire local user privileges on the vulnerable system).
Threat mitigation
Exploitation of this bug requires the user to visit a malicious crafted website using VLC media player's ActiveX plugin.
Workarounds
The user may use VLC media player's Mozilla plugin for Mozilla Firefox or Seamonkey, which are not affected by this issue and provide the same features set.
Otherwise, websites from untrusted sources should not be opened.
Solution
VLC media player 0.8.6d addresses this issue and introduces further usability fixes.
Pre-compiled packages for MS Windows are available at the usual download locations.
Credits
This vulnerability was discovered by Ricardo Narvaja (Ricnar) from the Exploit Writers team of Core Security Technologies.
References
- CORE Security Technologies
- http://www.coresecurity.com/ Advisory CORE-2007-1004
- The VideoLAN project
- http://www.videolan.org/
History
- 3 December 2007
- Core Security advisory published
- 30 November 2007
- VLC 0.8.6d bugfix release
- Binaries for MS Windows
- 17 November 2007
- Source code fixes for VLC 0.8.6c and development tree
- 29 October 2007
- Bug reported by Ricardo Narvaja
on behalf of the VideoLAN project