VideoLAN, a project and a non-profit organization.

Security Advisory 1006

Summary           : Stack smashing in Samba access
Date              : November 2010
Affected versions : VLC media player for Windows, versions up to 1.1.4
ID                : VideoLAN-SA-1006
CVE reference     : N/A

Details

Due to an error in the declaration of code calling conventions, VLC for Windows suffers from a stack smashing attack in the Samba network share access module.

This issue affects only the Windows versions of VLC media player.

Impact

Successful exploitation could enable execution of arbitrary code within the context of VLC media player.

Workarounds

The user should refrain from opening files from untrusted third parties or accessing untrusted remote sites (network shares, USB keys).
The problem can also be prevented by deleting the faulty file at C:\Program Files\VideoLAN\VLC\plugins\libaccess_smb_plugin.dll until the patch is applied.

Solution

VLC media player 1.1.5 addresses this issue. The patch for VLC media player 1.1.x is available from the corresponding official VLC source code repositories.

Credits

This vulnerability was documented by shinnai.

References

The VideoLAN project
http://www.videolan.org/
Patch for VLC 1.1.4, 1.1.3, 1.1.2, 1.1.1, 1.1.0
commit b531955c2206c88250cacc511793facc32cbced6

History

26 October 2010
Details of the vulnerability made public.
29 October 2010
The vulnerability is brought to the knowledge of VideoLAN through another bug report.
02 November 2010
Vendor patch for VLC 1.1.4.
Initial security advisory.
13 November 2010
VLC 1.1.5 release.
Rafaël Carré,
on behalf of the VideoLAN project