Summary : Stack overflow in VLC MMS support
Date : March 2012
Affected versions : VLC media player all versions up to 2.0.1
ID : VideoLAN-SA-1201
CVE reference : CVE-2012-1775
Details will be known later.
If successful, a malicious third party could crash the VLC media player process. Arbitrary code execution should be possible on most systems.
Exploitation of this issue requires the user to explicitly open a specially crafted file.
The user should refrain from opening files from untrusted third parties or accessing untrusted remote sites (or disable the VLC browser plugins), until the patch is applied.
Alternatively, the MMS access plugin (libaccess_mms_plugin.*) can be removed manually from the VLC plugin installation directory.
This will prevent opening of MMS:// streams.
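The workaround above can be applied reversibly by moving the plugin aside instead of deleting it. The shell functions below are an added example, not part of the original advisory or of VideoLAN's code; the function names and the quarantine directory are assumptions, and the plugin directory must be supplied by the caller because its location depends on the installation.

```sh
#!/bin/sh
# Added example: disable the MMS access plugin named in the advisory by
# moving libaccess_mms_plugin.* out of a VLC plugin directory.
# Usage (paths are placeholders chosen by the caller):
#   disable_mms_plugin /path/to/vlc/plugins /path/to/quarantine

# disable_mms_plugin PLUGIN_DIR QUARANTINE_DIR
# Moves every libaccess_mms_plugin.* file found under PLUGIN_DIR into
# QUARANTINE_DIR, keeping its relative path so it can be restored once
# the patched version is installed. Prints the number of files moved.
disable_mms_plugin() {
    plugin_dir=${1%/}
    quarantine_dir=${2%/}
    if [ ! -d "$plugin_dir" ]; then
        echo "not a directory: $plugin_dir" >&2
        return 1
    fi
    mkdir -p "$quarantine_dir" || return 1
    moved=0
    # Write the file list to a temp file so the loop runs in this shell
    # (a pipe would put it in a subshell and lose the counter).
    list=$(mktemp) || return 1
    find "$plugin_dir" -type f -name 'libaccess_mms_plugin.*' > "$list"
    while IFS= read -r f; do
        rel=${f#"$plugin_dir"/}
        mkdir -p "$quarantine_dir/$(dirname "$rel")"
        mv -- "$f" "$quarantine_dir/$rel" && moved=$((moved + 1))
    done < "$list"
    rm -f "$list"
    echo "$moved"
}

# mms_plugin_present PLUGIN_DIR
# Exit status 0 if the plugin is still installed under PLUGIN_DIR,
# non-zero otherwise. Useful for checking hosts after the workaround.
mms_plugin_present() {
    [ -n "$(find "$1" -type f -name 'libaccess_mms_plugin.*' 2>/dev/null)" ]
}
```

Running disable_mms_plugin a second time prints 0, so it is safe to repeat across hosts.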
VLC media player 2.0.1 addresses this issue. Patches for older versions will be available through the git repositories.
This vulnerability was reported by Florent Hochwelker, aka TaPiOn.