VLC Player 2.1.5 DEP Access Violation Vulnerability

Title : VLC Player 2.1.5 DEP Access Violation Vulnerability Discoverer: Veysel HATAS (vhatas@gmail.com) Web page : www.binarysniper.net Test: Windows XP SP3 Status: Not Fixed Severity : High

Discovered: 24 November 2014

Description : VLC Player contains a flaw that is triggered as user-supplied input is not properly sanitized when handling a specially crafted flv file. This may allow a context-dependent attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code.

attachment 1: windbglog.txt attachment 2: poc.flv attachment 3: original.flv

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information