Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - VLC Media Player udp URL handler Format String Vulnerability InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

VLC Media Player udp URL handler Format String Vulnerability

Published: 2007-01-03
Last Updated: 2007-01-03 00:39:56 UTC
by Toby Kohlenberg (Version: 1)
0 comment(s)
Welcome Fans to Day Two of the Month of Apple Bugs!
http://projects.info-pull.com/moab/MOAB-02-01-2007.html
Today's contestants are: the MOAB team and VLC Media Player.
We have a special treat for you today as the vulnerability announced on this lovely Winter morning (okay, it hasn't stopped raining yet today and it was almost dark at 2:30pm and technically it's evening but...) impacts the VLC Media Player on both OSX and Windows.

MOAB team, the reigning champion after their highly noted win against Apple Quicktime yesterday by stack overflow had this to say about their opponent-
"A format string vulnerability exists in the handling of the udp:// URL handler. By supplying a specially crafted string, a remote attacker could cause an arbitrary code execution condition, under the privileges of the user running VLC."

After a short bout MOAB was declared winner again by delivery of PoC for both x86 and PPC.
This contender has certainly come out strong but we'll see how they hold up as the month continues. That's all till next time sports fans.
0 comment(s)
Diary Archives