oss-sec mailing list archives
CVE request: VLC media player - DLL preloading vulnerability
From: Geoffroy Couprie <geal () videolan org>
Date: Wed, 25 Aug 2010 23:32:33 +0200
Hello, We fixed the DLL preloading vulnerability in VLC media player with this commit: http://git.videolan.org/?p=vlc/vlc-1.1.git;a=blobdiff;f=bin/winvlc.c;h=ac9b97ca9f5f9ba001f13bf61eb5127a1c1dbcbf;hp=2d09cba320e3b0def7069ce1ebab25d1340161c5;hb=43a31df56c37bd62c691cdbe3c1f11babd164b56;hpb=2d366da738b19f8d761d7084746c6db6f52808c6 VLC was exploitable by loading wintab32.dll, a component request by Qt, as shown in http://www.exploit-db.com/exploits/14750/ There's another possibility with DMO. Will there be a CVE ID by vulnerable application (presumably, this will need a lot of IDs), or only one for Windows? Best regards, Geoffroy Couprie
Current thread:
- CVE request: VLC media player - DLL preloading vulnerability Geoffroy Couprie (Aug 25)
- Re: CVE request: VLC media player - DLL preloading vulnerability Steven M. Christey (Aug 25)
- Re: CVE request: VLC media player - DLL preloading vulnerability Geoffroy Couprie (Aug 26)
- Re: CVE request: VLC media player - DLL preloading vulnerability Steven M. Christey (Aug 25)