VLC Player 2.1.5 DEP Access Violation Vulnerability
Title : VLC Player 2.1.5 DEP Access Violation Vulnerability Discoverer: Veysel HATAS (vhatas@gmail.com) Web page : www.binarysniper.net Test: Windows XP SP3 Status: Not Fixed Severity : High
Discovered: 24 November 2014
Description : VLC Player contains a flaw that is triggered as user-supplied input is not properly sanitized when handling a specially crafted flv file. This may allow a context-dependent attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code.
attachment 1: windbglog.txt attachment 2: poc.flv attachment 3: original.flv