‫ VLC Media Player SWF Video Decoding Use-After-Free Vulnerability

IRCAD2012122364
ID: IRCAD2012122364
Release Date: 2012-12-12
Criticality level: Highly critical
Software:
VLC Media Player 2.x
Description:
Kaveh ghaemmaghami has discovered a vulnerability in VLC Media Player, which can be exploited by malicious people to potentially compromise a user's system.
The vulnerability is caused due to a use-after-free error when releasing a picture object during video decoding of Flash (SWF) files. This can be exploited to reference an object's callback function pointer from already freed memory.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is confirmed in version 2.0.4. Other versions may also be affected.
Solution
No official solution is currently available.
References:
Kaveh ghaemmaghami:
Secunia:
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 23 آذر 1391

امتیاز

امتیاز شما
تعداد امتیازها:0