Forum Thread: CVE-2014-1954 explained

This thread has been marked as locked.
Andski CVE-2014-1954 explained
Member 13th Jun, 2014 15:48
Last edited on 13th Jun, 2014 16:14

Hello,

I have a question regarding CVE-2013-1954 - execute arbitrary code via a crafted ASF movie in VLC's ASF demuxer. If I wanted to use this vulnerability, what would be the first steps?

Don't be afraid, I don't want to do evil things (OK, everyone could say this). I have to explain the vulnerability in a course at university, and I have to explain it so that my fellow students can understand what happens and why this works. I don't want a step-by-step explanation. But if someone could give me any hints, that would be nice.


My thoughts:
If I load an ASF file into VLC, the file is read by demux/asf/asf.c. Somewhere (but at a special position, I think?) in the ASF movie file I put my code that is to be executed. How should I prepare it? Obviously I have to put the string "/bin/sh" somewhere in the ASF file (probably in hexadecimal notation).
While reading (or processing) the movie file, VLC will run into trouble (and finally crash) and execute my smuggled code.

Thanks in advance
