Posts

VideoLAN VLC Media Player mms Buffer Overflow (Mar 23, 2012)

VideoLAN VLC Media Player is an open source multimedia player. It can play various audio/video formats (MPEG, DivX, ogg, Wave etc.) as well as streaming protocols. It is highly portable and available for multiple platforms.

VLC Media Player can be instructed to open media resources referred by URIs. A URI can be supplied to VLC Media Player by embedding it in a playlist file, such as an ASX (Advanced Stream Redirector) format playlist. In a URI, a “mms” scheme (often appears as “mms://path”) addresses Windows Media Services Streaming Protocol. The generic form of the mms URI parsed by VLC media player is as follows:

mms://[[username[:password@]]hostname[:port][/path][&args…]

A stack buffer overflow vulnerability exists in VideoLAN VLC Media Player. Specifically, the vulnerability is due to improper handling of the hostname field in “mms” URIs. An attacker can exploit this vulnerability by enticing a user to open a crafted playlist file. Successful exploitation would allow for arbitrary code injection and execution with the privileges of the currently logged in user. Code injection that does not result in execution would terminate the application due to memory corruption.

The vulnerability has been assigned as CVE-2012-1775.

SonicWALL has released an IPS signature to detect and block specific exploitation attempts targeting this vulnerability. The signature is listed below:

  • 7622 VideoLAN VLC Media Player ASX Handling Buffer Overflow