VideoLAN VLC Media Player 2.1.5 – Write Access Violation

• Exploit Database
• 110 阅读

• 作者： Veysel HATAS
  日期： 2015-01-26
• 类别：

  • local
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/35902/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30

  Title : VLC Player 2.1.5 Write Access Violation Vulnerability Discoverer: Veysel HATAS (@muh4f1z) Web page : www.binarysniper.net Vendor : VideoLAN VLC Project Test: Windows XP SP3 Status: Fixed Severity : High   CVE ID : CVE-2014-9598 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9598> NIST: ​https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9598 OSVDB ID : 116451 <http://osvdb.org/show/osvdb/116451> VLC Ticket : 13390 <https://trac.videolan.org/vlc/ticket/13390>   windbglog : windbglog.txt <https://trac.videolan.org/vlc/attachment/ticket/13390/windbglog.txt>   Discovered : 24 November 2014 Reported : 26 December 2014 Published : 9 January 2015   Description : VLC Media Player contains a flaw that is triggered as user-supplied input is not properly sanitized when handling a specially crafted M2V file <http://www.datafilehost.com/d/11daf208>. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.   # Exploit-DB Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/35902-poc.m2v # Exploit-DB Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/35902-windbglog.txt