Summary : Stack smashing in Samba access Date : November 2010 Affected versions : VLC media player for Windows, versions up to 1.1.4 ID : VideoLAN-SA-1006 CVE reference : N/A
Due to an error in the declaration of code calling conventions, VLC for Windows suffers from a stack smashing attack in the Samba network share access module.
This issue affects only the Windows versions of VLC media player.
Successful exploitation could enable execution of arbitrary code within the context of VLC media player.
The user should refrain from opening files from untrusted third
parties or accessing untrusted remote sites (network shares, USB keys).
The problem can also be prevented by deleting the faulty file at C:\Program Files\VideoLAN\VLC\plugins\libaccess_smb_plugin.dll until the patch is applied.
VLC media player 1.1.5 addresses this issue. The patch for VLC media player 1.1.x is available from the corresponding official VLC source code repositories.
This vulnerability was documented by shinnai.