Summary : Arbitrary file overwrite and other abuses
through M3U parser
Date : November 2007
Affected versions : VLC media player 0.8.6c and earlier
ID : VideoLAN-SA-0804
CVE reference : CVE-2007-6683
Details
Using VLC media player's M3U Playlist Parser could lead
to arbitrary file overwrite and other unwanted action
within the security context of the user running VLC.
Impact
If successful, a malicious third party could misuse the Stream Output
features of VLC media player's the M3U Playlist Parser to write arbitrary data
to any accessible file system locations, send packets on the network, etc.
Threat mitigation
Exploitation of these design issues requires the user to open a specially
crafted M3U playlist file.
Workarounds
The user should not use VLC media player's --m3u-extvlcopt
setting, which enables parsing of exploitable playlist item options.
This option is only found in some 0.8.6 releases;
from VLC 0.9.0, unsafe playlist extensions are always ignored.
Solution
VLC media player 0.8.6d addresses these design issues
and introduces further usability fixes.
Credits
These vulnerabilities were discovered internally by multiple members
of the VideoLAN Team, notably Damien Fouilleul and Rémi Denis-Courmont.
