CVE-2007-0017
CVE-2007-0017
Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.
Affected products
n/a · n/apublic PoCs found — 2
exploitdbwww.exploit-db.com/exploits/3069unverifiedexploitdbwww.exploit-db.com/exploits/3070unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://applefun.blogspot.com/2007/01/moab-02-01-2007-vlc-media-player-udp.htmlhttp://landonf.bikemonkey.org/code/macosx/MOAB_Day_2.20070103045559.6753.timor.htmlhttp://osvdb.org/31163http://projects.info-pull.com/moab/MOAB-02-01-2007.htmlhttp://secunia.com/advisories/23592http://secunia.com/advisories/23829http://secunia.com/advisories/23910http://secunia.com/advisories/23971http://security.gentoo.org/glsa/glsa-200701-24.xmlhttp://securitytracker.com/id?1017464https://exchange.xforce.ibmcloud.com/vulnerabilities/31226https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14313