CVE-2018-11529

Related Files

VLC Media Player 2.2.8 MKV Use-After-Free

Posted Oct 11, 2018

Authored by Eugene NG, Winston Ho | Site metasploit.com

This Metasploit module exploits a use-after-free vulnerability in VideoLAN VLC versions 2.2.8 and below. The vulnerability exists in the parsing of MKV files and affects both 32 bits and 64 bits. In order to exploit this, this module will generate two files: The first .mkv file contains the main vulnerability and heap spray, the second .mkv file is required in order to take the vulnerable code path and should be placed under the same directory as the .mkv file. This Metasploit module has been tested against VLC v2.2.8. Tested with payloads windows/exec, windows/x64/exec, windows/shell/reverse_tcp, windows/x64/shell/reverse_tcp. Meterpreter payloads if used can cause the application to crash instead.

tags | exploit, shell

systems | windows

advisories | CVE-2018-11529

SHA-256 | 435c7636eca34f545c0f26cafcd6a118cbe005db8253b3a9ec76ba3a02331802

Download | Favorite | View

Debian Security Advisory 4251-1

Posted Jul 19, 2018

Authored by Debian | Site debian.org

Debian Linux Security Advisory 4251-1 - A use-after-free was discovered in the MP4 demuxer of the VLC media player, which could result in the execution of arbitrary code if a malformed media file is played.

tags | advisory, arbitrary

systems | linux, debian

advisories | CVE-2018-11529

SHA-256 | 5253b4c31d0da0c19893d064e2ba6b3b47effeaa41bab133435beffacb724256

Download | Favorite | View

VLC Media Player 2.2.8 Arbitrary Code Execution

Posted Jul 10, 2018

Authored by Eugene NG

VLC Media Player version 2.2.8 use-after-free arbitrary code execution proof of concept exploit.

tags | exploit, arbitrary, code execution, proof of concept

advisories | CVE-2018-11529

SHA-256 | 3a48ef91adb45a8f2f6681db1351e987e871313a2e75571f2f23b4f6b6dcce15

Download | Favorite | View