Twenty Year Anniversary
Showing 1 - 25 of 100 RSS Feed

Files

VLC Media Player 2.2.8 MKV Use-After-Free
Posted Oct 11, 2018
Authored by Eugene NG, Winston Ho | Site metasploit.com

This Metasploit module exploits a use-after-free vulnerability in VideoLAN VLC versions 2.2.8 and below. The vulnerability exists in the parsing of MKV files and affects both 32 bits and 64 bits. In order to exploit this, this module will generate two files: The first .mkv file contains the main vulnerability and heap spray, the second .mkv file is required in order to take the vulnerable code path and should be placed under the same directory as the .mkv file. This Metasploit module has been tested against VLC v2.2.8. Tested with payloads windows/exec, windows/x64/exec, windows/shell/reverse_tcp, windows/x64/shell/reverse_tcp. Meterpreter payloads if used can cause the application to crash instead.

tags | exploit, shell
systems | windows
advisories | CVE-2018-11529
MD5 | 8a992cc20fa2660fbd011bbae7fa991c

Related Files

VLC 2.0.2 Division By Zero
Posted Aug 2, 2012
Authored by Dark-Puzzle

VLC version 2.0.2 suffers form a division by zero vulnerability when parsing .3gp files.

tags | exploit
MD5 | eb1d96e622bec9eb788c32117385d337
Secunia Security Advisory 49835
Posted Jul 9, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in VLC Media Player, which can be exploited by malicious people to compromise a user's system.

tags | advisory
MD5 | 1b834020f6783d77dc9888c5330e94dc
VLC 2.0.1 Denial Of Service
Posted Jun 28, 2012
Authored by Dark-Puzzle

VLC version 2.0.1 suffers from an avi playlist denial of service vulnerability.

tags | exploit, denial of service
MD5 | 7c5394441db0457d05007182d4a8f849
VLC MMS Stream Handling Buffer Overflow
Posted May 3, 2012
Authored by sinn3r, juan vazquez, Florent Hochwelker | Site metasploit.com

This Metasploit module exploits a buffer overflow in VLC media player VLC media player prior to 2.0.0. The vulnerability is due to a dangerous use of sprintf which can result in a stack buffer overflow when handling a malicious MMS URI. This Metasploit module uses the browser as attack vector. A specially crafted MMS URI is used to trigger the overflow and get flow control through SEH overwrite. Control is transferred to code located in the heap through a standard heap spray. The module only targets IE6 and IE7 because no DEP/ASLR bypass has been provided.

tags | exploit, overflow
advisories | CVE-2012-1775, OSVDB-80188
MD5 | a970745bd46aead19ab89a07e5992369
VLC 2.0.1 Division By Zero
Posted Apr 19, 2012
Authored by Senator of Pirates

VLC version 2.0.1 suffers from a division by zero vulnerability during the handling of mp4 files.

tags | exploit, denial of service
MD5 | 7145caf8e0bb8a40b843ae226873de7c
Secunia Security Advisory 48503
Posted Mar 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in VLC Media Player, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
MD5 | f9138ecaf8585b97a8713476217534ff
Secunia Security Advisory 48500
Posted Mar 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in VLC Media Player, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
MD5 | 7f35f4d9a9164fdc242b994fb5db7b6a
VLC Media Player 1.1.11 Denial Of Service
Posted Mar 13, 2012
Authored by Senator of Pirates

VLC Media Player versions 1.1.11 and below denial of service exploit that makes a malicious .flv file.

tags | exploit, denial of service
MD5 | d4ca72ba1cbcddc837ba0cacce502a07
VLC Media Player RealText Subtitle Overflow
Posted Mar 3, 2012
Authored by Tobias Klein, SkD, juan vazquez | Site metasploit.com

This Metasploit module exploits a stack buffer overflow vulnerability in VideoLAN VLC versions prior to 0.9.6. The vulnerability exists in the parsing of RealText subtitle files. In order to exploit this, this module will generate two files: The .mp4 file is used to trick your victim into running. The .rt file is the actual malicious file that triggers the vulnerability, which should be placed under the same directory as the .mp4 file.

tags | exploit, overflow
advisories | CVE-2008-5036, OSVDB-49809
MD5 | f295ecc1bff79f3602400c7e2760ad65
VLC 1.2.0 Divide By Zero Denial of Service
Posted Jan 20, 2012
Authored by nomnom

VLC versions 1.2.0 and 1.1.11 divide by zero denial of service exploit that creates a malicious .ape file.

tags | exploit, denial of service
MD5 | 933f6ea3116f2ed4a0de60b32f64934f
VLC Media Player 1.1.11 Proof Of Concept
Posted Jan 4, 2012
Authored by Fabi

VLC Media Player version 1.1.11 local crash proof of concept exploit that creates a malicious .amr file.

tags | exploit, denial of service, local, proof of concept
MD5 | 4cc7f197937ce0cbcdcae6c426d00df2
Secunia Security Advisory 47325
Posted Dec 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in VLC Media Player, which potentially can be exploited by malicious people to compromise a user's system.

tags | advisory
MD5 | 897d17a273605279b80e8779ebb22018
libdvdcss 1.2.11
Posted Nov 16, 2011
Site videolan.org

libdvdcss is a cross-platform library for transparent DVD device access with on-the-fly CSS decryption. It currently runs under Linux, FreeBSD, NetBSD, OpenBSD, BSD/OS, Solaris, BeOS, Win95/Win98, Win2k/WinXP, MacOS X, HP-UX, QNX, and OS/2. It is used by libdvdread and most DVD players such as VLC because of its portability and because, unlike similar libraries, it does not require your DVD drive to be region locked.

Changes: This release improves RPC-II drive handling and contains a more robust keys retrieval mode. It also introduces fixes for MingW and OS/2 compilation, and has various bugfixes for small issues, memory leaks, crashes, and build issues.
tags | library
systems | linux, netbsd, windows, 2k, 9x, unix, solaris, freebsd, bsd, openbsd, hpux, beos, osx, xp
MD5 | 048134d398b4372a21ae304b9a9fa70b
Secunia Security Advisory 46224
Posted Oct 17, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in VLC Media Player, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
MD5 | 3e44d2fe162ea8dcad9be5562493c647
LibAVCodec AMV Out Of Array Write
Posted Aug 1, 2011
Authored by Dominic Chell | Site ngssecure.com

Dominic Chell of NGS Secure has discovered a high risk vulnerability in LibAVCodec. Opening a malformed AMV file can result in an out of array write and potentially arbitrary code execution when using this library. Whilst the vulnerability may affect multiple applications that use this library, it was only tested on VLC media player. VLC media player versions 1.1.9 and below are affected.

tags | advisory, arbitrary, code execution
advisories | CVE-2011-1931
MD5 | 9ffa2a987f98d517612a95b753c563a0
Secunia Security Advisory 45066
Posted Jul 13, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Hossein Lotfi has discovered two vulnerabilities in VLC Media Player, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
MD5 | 3904ffb5366f460ed1c3bad35d8ddf5c
Secunia Security Advisory 44892
Posted Jun 14, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for vlc. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

tags | advisory
systems | linux, debian
MD5 | bc1ed3cbaebca27e7616143fe34ee38f
Debian Security Advisory 2257-1
Posted Jun 10, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2257-1 - Rocco Calvi discovered that the XSPF playlist parser of vlc, a multimedia player and streamer, is prone to an integer overflow resulting in a heap-based buffer overflow. This might allow an attacker to execute arbitrary code by tricking a victim into opening a specially crafted file.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2011-2194
MD5 | fb064886ebefb6172566b64669ab0049
VLC Media Player XSPF Local File Integer Overflow
Posted Jun 9, 2011
Authored by TecR0c

VLC Media Player suffers from an XSPF local file integer overflow in the XSPF playlist parser. Versions 1.1.9 down to 0.8.5 are affected.

tags | exploit, overflow, local
MD5 | 3cfc2105895e00e1fcc0e75ba428e3fc
VideoLAN VLC ModPlug ReadS3M Stack Buffer Overflow
Posted May 9, 2011
Authored by jduck | Site metasploit.com

This Metasploit module exploits an input validation error in libmod_plugin as included with VideoLAN VLC 1.1.8. All versions prior to version 1.1.9 are affected. By creating a malicious S3M file, a remote attacker could execute arbitrary code. Although other products that bundle libmodplug may be vulnerable, this module was only tested against VLC. NOTE: As of July 1st, 2010, VLC now calls SetProcessDEPPoly to permanently enable NX support on machines that support it. As such, this module is capable of bypassing DEP, but not ASLR.

tags | exploit, remote, arbitrary
advisories | CVE-2011-1574, OSVDB-72143
MD5 | 2221aacf8b9c531daa490a3a18bd236b
Secunia Security Advisory 44412
Posted May 4, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been discovered in VLC Media Player, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
MD5 | ace7ec93bc5ada723a10d3f9b1483f46
LibAVCodec AMV Out Of Array Write
Posted Apr 27, 2011
Authored by Dominic Chell | Site ngssoftware.com

Dominic Chell of NGS Secure has discovered a high risk vulnerability in LibAVCodec. Opening a malformed AMV file can result in an out of array write and potentially arbitrary code execution when using this library. Whilst the vulnerability may affect multiple applications that use this library, it was only tested on VLC media player. VLC media player versions 1.1.9 and below are affected.

tags | advisory, arbitrary, code execution
MD5 | e3c400ccbbb054874d638f5b654cc785
Secunia Security Advisory 43890
Posted Apr 14, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for vlc. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a user's system.

tags | advisory
systems | linux, debian
MD5 | bce1f918af92dcdbc4d72c16cfada3cc
Debian Security Advisory 2218-1
Posted Apr 12, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2218-1 - Aliz Hammond discovered that the MP4 decoder plugin of vlc, a multimedia player and streamer, is vulnerable to a heap-based buffer overflow. This has been introduced by a wrong data type being used for a size calculation. An attacker could use this flaw to trick a victim into opening a specially crafted MP4 file and possibly execute arbitrary code or crash the media player.

tags | advisory, overflow, arbitrary
systems | linux, debian
MD5 | e1370d9bd6e33cd7bf531874c14c582d
Secunia Security Advisory 44022
Posted Apr 12, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in VLC Media Player, which can be exploited by malicious people to potentially compromise a user's system.

tags | advisory
MD5 | 642b177dc4869298cde7f9656420c5db
Page 1 of 4
Back1234Next

File Archive:

December 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    1 Files
  • 3
    Dec 3rd
    18 Files
  • 4
    Dec 4th
    40 Files
  • 5
    Dec 5th
    16 Files
  • 6
    Dec 6th
    50 Files
  • 7
    Dec 7th
    12 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    1 Files
  • 10
    Dec 10th
    15 Files
  • 11
    Dec 11th
    30 Files
  • 12
    Dec 12th
    25 Files
  • 13
    Dec 13th
    14 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close