Summary : Recursive plugin release vulnerability in
Active X plugin
Date : 30 November 2007
Affected versions : VLC media player 0.8.6 to 0.8.6c
ID : VideoLAN-SA-0703, CORE-2007-1004
CVE reference : CVE-2007-6262
Details
VLC media player's ActiveX plugin is prone to a recursive plugin
release vulnerability when being used within specifically crafted websites.
Impact
If successful, a malicious third party could use this vulnerability
to overwrite memory zones and execute arbitrary code within the context
of the VLC media player's ActiveX plugin
(i.e. acquire local user privileges on the vulnerable system).
Threat mitigation
Exploitation of this bug requires the user to visit a malicious
crafted website using VLC media player's ActiveX plugin.
Workarounds
The user may use VLC media player's Mozilla plugin
for Mozilla Firefox or Seamonkey,
which are not affected by this issue and provide the same features set.
Otherwise, websites from untrusted sources should not be opened.
Solution
VLC media player 0.8.6d addresses this issue and introduces further
usability fixes.
Pre-compiled packages for MS Windows are available at the
usual download locations.
Credits
This vulnerability was discovered by Ricardo Narvaja (Ricnar) from
the Exploit Writers team of Core Security Technologies.
