VideoLAN, a project and a non-profit organization.

Security Advisory 1005

Summary           : DLL preloading vulnerability
Date              : August 2010
Affected versions : All VLC media player versions up to 1.1.3
ID                : VideoLAN-SA-1005
CVE reference     : CVE-2010-3124


Due to the DLL loading design on Windows, VLC loads automatically a DLL from the current directory, if it doesn't find it in VLC's application directory or in system directories. A few modules of VLC are affected (only Qt4 and DMO are known at the moment).


If successful, the exploit can execute arbitrary code within the context of VLC media player.

Threat mitigation

Microsoft has published workarounds ( ) and a tool ( ) that fixes the vulnerability for all affected software on the computer.


The user should refrain from opening files from untrusted third parties or accessing untrusted remote sites (network shares, USB keys), until the patch is applied.


VLC media player 1.1.4 addresses this issue. The patch for VLC media player 1.1.x is available from the corresponding official VLC source code repositories.


This vulnerability was reported by Georgi Guninski, Taeho Kwon, ACROS Security and H.D. Moore.
An exploit was posted on exploit-db by Vinay Katoch.


The VideoLAN project
Patch for VLC 1.1.3, 1.1.2, 1.1.1, 1.1.0
commit 43a31df56c37bd62c691cdbe3c1f11babd164b56


23 August 2010
Details of the vulnerability released.
25 August 2010
Exploit release.
Vendor patch for VLC 1.1.3.
26 August 2010
Initial security advisory.
CVE reference assigned.
27 August 2010
VLC 1.1.4 release.
Geoffroy Couprie,
on behalf of the VideoLAN project