CVE Reference: CVE-2010-3124

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2010-3124

Description:
Untrusted search path vulnerability in bin/winvlc.c in VLC Media Player 1.1.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .mp3 file.

CVE Status:
Candidate

References:

SAID
  Secunia Advisory: SA41107

OVAL
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12190

MLIST
  http://www.openwall.com/lists/oss-security/2010/08/25/10
  http://www.openwall.com/lists/oss-security/2010/08/25/9

EXPLOIT-DB
  http://www.exploit-db.com/exploits/14750

CONFIRM
  http://git.videolan.org/?p=vlc/vlc-1.1.git;a=blobdiff;f=bin/winvlc.c;h=ac9b97ca9f5f9ba001f13bf61eb5127a1c1dbcbf;hp=2d09cba320e3b0def7069ce1ebab25d1340161c5;hb=43a31df56c37bd62c691cdbe3c1f11babd164b56;hpb=2d366da738b19f8d761d7084746c6db6f52808c6


Return to the previous page.