This Metasploit module exploits a use-after-free vulnerability in VideoLAN VLC versions 2.2.8 and below. The vulnerability exists in the parsing of MKV files and affects both 32-bit and 64-bit builds. To exploit it, the module generates two files: the first .mkv file contains the main vulnerability and heap spray; the second .mkv file is required in order to take the vulnerable code path and should be placed in the same directory as the first .mkv file. This Metasploit module has been tested against VLC v2.2.8 with the payloads windows/exec, windows/x64/exec, windows/shell/reverse_tcp, and windows/x64/shell/reverse_tcp. Meterpreter payloads, if used, can cause the application to crash instead.
435c7636eca34f545c0f26cafcd6a118cbe005db8253b3a9ec76ba3a02331802
Debian Linux Security Advisory 4251-1 - A use-after-free was discovered in the MP4 demuxer of the VLC media player, which could result in the execution of arbitrary code if a malformed media file is played.
5253b4c31d0da0c19893d064e2ba6b3b47effeaa41bab133435beffacb724256
VLC Media Player version 2.2.8 use-after-free arbitrary code execution proof of concept exploit.
3a48ef91adb45a8f2f6681db1351e987e871313a2e75571f2f23b4f6b6dcce15