Summary : Stack overflow in VLC MMS support Date : March 2012 Affected versions : VLC media player all versions up to 2.0.1 ID : VideoLAN-SA-1201 CVE reference : CVE-2012-1775
Details will be known later.
If successful, a malicious third party could crash the VLC media player process. Arbitrary code execution should be possible on most systems.
Exploitation of this issue requires the user to explicitly open a specially crafted file.
The user should refrain from opening files from untrusted third parties or accessing untrusted remote sites (or disable the VLC browser plugins), until the patch is applied.
Alternatively, the MMS access plugin (
can be removed manually from the VLC plugin installation directory.
This will prevent opening of MMS:// streams.
VLC media player 2.0.1 addresses this issue. Patches for older versions will be available through the git repositories
This vulnerability was reported by Florent Hochwelker, aka TaPiOn.