Secunia Advisory SA38853

VLC Media Player Bookmark Handling Memory Corruption
Release Date 2010-03-05
Last Update 2011-05-06
   
Popularity 11,207 views
Comments 8 comments

Criticality level Less critical
Impact System access
Where From remote
Solution Status Vendor Patch
   
Remediation status Secunia CSI, Secunia PSI
Automated scanning Secunia CSI, Secunia PSI
   
Software:
VLC media player 1.x

CVE Reference(s) CVE-2011-1087
  

Description

Gjoko Krstic has discovered a vulnerability in VLC Media Player, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability is caused due to a race condition error when creating bookmarks and can be exploited to corrupt memory by tricking a user into creating a bookmark while playing a specially crafted file.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 1.0.5. Prior versions may also be affected.


Solution
Update to version 1.0.6.

Provided and/or discovered by
Gjoko Krstic

Original Advisory
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4931.php

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: VLC Media Player Bookmark Handling Memory Corruption
 
Maurice Joyce RE: VLC Media Player Bookmark Handling Memory Corruption
Handling Contributor 3rd Apr, 2010 16:23
Score: 10510
Posts: 8,071
User Since: 4th Jan 2009
System Score: 100%
Location: UK
Secunia have already addressed this problem. If you have the plugin installed it will show up. The previous post on VLC is below:


Hi,

If you haven't installed the browser plugin for a specific program, that program shouldn't put your browser at risk.
To determine which plugins your browser uses, please refer to
http://support.microsoft.com/kb/883256
for Internet Explorer, or simply enter "about:config" in the Firefox address bar.

Hope this helps.

--

Kind regards,

Emil R. Petersen
Secunia PSI Support

Secunia PSI
http://secunia.com/vulnerability_scanning/personal



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 10 for Windows 7
16GB RAM
Was this reply relevant?
+4
-4

Privacy_nerd RE: VLC Media Player Bookmark Handling Memory Corruption
Member 6th Jul, 2010 02:51
Score: -4
Posts: 8
User Since: 29th Jan 2008
System Score: N/A
Location: N/A
Last edited on 6th Jul, 2010 02:54
For Windows users the most practical solution is to update to 1.1.0.0 since they never released version 1.0.6 precompiled binaries. VLC is difficult to install from source code on Windows.
Was this reply relevant?
+0
-0

© 2002-2013 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144