Title : VLC Player 2.1.5 DEP Access Violation Vulnerability Discoverer: Veysel HATAS (@muh4f1z) Web page : www.binarysniper.net Vendor : VideoLAN VLC Project Test: Windows XP SP3 Status: Fixed Severity : High CVE ID : CVE-2014-9597 NIST: ​https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9597 OSVDB ID : 116450 VLC Ticket : 13389 windbglog : windbglog.txt Discovered : 24 November 2014 Reported : 26 December 2014 Published : 9 January 2015 Description : VLC Media Player contains a flaw that is triggered as user-supplied input is not properly sanitized when handling a specially crafted FLV file . This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. # Exploit-DB Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/35901-poc.flv # Exploit-DB Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/35901-windbglog.txt