Published: 26/08/2010 Updated: 07/11/2023

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Untrusted search path vulnerability in bin/winvlc.c in VLC Media Player 1.1.3 and previous versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .mp3 file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
videolan vlc media player 0.7.2
videolan vlc media player 0.5.0
videolan vlc media player 0.2.62
videolan vlc media player 0.4.0
videolan vlc media player 0.1.99e
videolan vlc media player 1.0.3
videolan vlc media player 0.8.0
videolan vlc media player 0.1.99g
videolan vlc media player 0.2.70
videolan vlc media player 0.4.3
videolan vlc media player 0.9.4
videolan vlc media player 0.8.5
videolan vlc media player 0.6.2
videolan vlc media player 0.2.61
videolan vlc media player 0.9.10
videolan vlc media player 0.2.71
videolan vlc media player 0.2.83
videolan vlc media player 0.8.4
videolan vlc media player 0.2.72
videolan vlc media player 0.8.6
videolan vlc media player 0.2.0
videolan vlc media player 0.3.0
videolan vlc media player 0.4.4
videolan vlc media player 0.2.80
videolan vlc media player 0.5.2
videolan vlc media player 0.7.0
videolan vlc media player 0.9.8a
videolan vlc media player 0.2.81
videolan vlc media player 1.0.1
videolan vlc media player 0.5.3
videolan vlc media player 0.2.60
videolan vlc media player 1.1.2
videolan vlc media player 1.0.0
videolan vlc media player 0.4.6
videolan vlc media player 0.9.5
videolan vlc media player 0.6.0
videolan vlc media player 0.2.73
videolan vlc media player 1.0.4
videolan vlc media player 0.2.82
videolan vlc media player 1.1.0
videolan vlc media player 0.1.99h
videolan vlc media player 0.4.1
videolan vlc media player 0.2.92
videolan vlc media player 0.2.91
videolan vlc media player 0.5.1
videolan vlc media player 0.4.2
videolan vlc media player 1.0.2
videolan vlc media player 0.9.2
videolan vlc media player 0.1.99b
videolan vlc media player 0.6.1
videolan vlc media player 0.1.99f
videolan vlc media player
videolan vlc media player 0.1.99i
videolan vlc media player 0.8.1
videolan vlc media player 0.9.9
videolan vlc media player 1.1.1
videolan vlc media player 0.2.90
videolan vlc media player 0.8.2
videolan vlc media player 0.4.5
videolan vlc media player 1.0.6
videolan vlc media player 1.0.5
videolan vlc media player 0.9.3
videolan vlc media player 0.2.63
videolan vlc media player 0.9.6
videolan vlc media player 0.3.1

Exploit Title: VLC Player DLL Hijack Vulnerability Date: 25 Aug 2010 Author: Secfence Version: VLC Tested on: Windows XP Place a mp3 file and wintab32dll in same folder and execute mp3 file in vlc player Code for wintab32dll: /*----------*/ /* wintab32cpp */ #include "stdafxh" #include "dragonh" void init() { MessageBox(NULL,"Pwned", ...

NVD-CWE-Other http://www.vupen.com/english/advisories/2010/2172 http://www.openwall.com/lists/oss-security/2010/08/25/9 http://www.exploit-db.com/exploits/14750 http://www.openwall.com/lists/oss-security/2010/08/25/10 http://secunia.com/advisories/41107 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12190 http://git.videolan.org/?p=vlc/vlc-1.1.git%3Ba=blobdiff%3Bf=bin/winvlc.c%3Bh=ac9b97ca9f5f9ba001f13bf61eb5127a1c1dbcbf%3Bhp=2d09cba320e3b0def7069ce1ebab25d1340161c5%3Bhb=43a31df56c37bd62c691cdbe3c1f11babd164b56%3Bhpb=2d366da738b19f8d761d7084746c6db6f52808c6 https://nvd.nist.gov https://www.exploit-db.com/exploits/14750/

CVE-2010-3124

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect