VideoLAN, a project and a non-profit organization.

Security Advisory 0703

Summary           : Recursive plugin release vulnerability in
                    Active X plugin
Date              : 30 November 2007
Affected versions : VLC media player 0.8.6 to 0.8.6c
ID                : VideoLAN-SA-0703, CORE-2007-1004
CVE reference     : CVE-2007-6262 

Details

VLC media player's ActiveX plugin is prone to a recursive plugin release vulnerability when being used within specifically crafted websites.

Impact

If successful, a malicious third party could use this vulnerability to overwrite memory zones and execute arbitrary code within the context of the VLC media player's ActiveX plugin (i.e. acquire local user privileges on the vulnerable system).

Threat mitigation

Exploitation of this bug requires the user to visit a malicious crafted website using VLC media player's ActiveX plugin.

Workarounds

The user may use VLC media player's Mozilla plugin for Mozilla Firefox or Seamonkey, which are not affected by this issue and provide the same features set.

Otherwise, websites from untrusted sources should not be opened.

Solution

VLC media player 0.8.6d addresses this issue and introduces further usability fixes.

Pre-compiled packages for MS Windows are available at the usual download locations.

Credits

This vulnerability was discovered by Ricardo Narvaja (Ricnar) from the Exploit Writers team of Core Security Technologies.

References

CORE Security Technologies
http://www.coresecurity.com/ Advisory CORE-2007-1004
The VideoLAN project
http://www.videolan.org/

History

3 December 2007
Core Security advisory published
30 November 2007
VLC 0.8.6d bugfix release
Binaries for MS Windows
17 November 2007
Source code fixes for VLC 0.8.6c and development tree
29 October 2007
Bug reported by Ricardo Narvaja
Damien Fouilleul, Felix Paul Kühne,
on behalf of the VideoLAN project