VLC Media Player Read Access Violation Arbitrary Code Execution Vulnerability

Summary

VLC Media Player is prone to an arbitrary code-execution vulnerability.

Credit:

The information has been provided by Jean Pascal Pereira.


Details

Vulnerable Systems:
 * VLC Media Player 2.0.3

libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file.

The following proof-of-concept is available:
http://downloads.securityfocus.com/vulnerabilities/exploits/55850.pl.txt

CVE Information:
CVE-2012-5470

Disclosure Timeline:
Published: October 10 2012

Categories: News