MOAB-02-01-2007 - VLC Media Player udp:// Format String Vulnerability
Summary
The following description of the software is provided by the vendor (VideoLAN):
VideoLAN is a software project, which produces free software for video, released under the GNU General Public License. The main product is the cross-platform VLC media player. The VLC media player is a highly portable multimedia player for various audio and video formats (MPEG1, MPEG2, MPEG4, DivX, mp3, ogg, ...) as well as DVDs, VCDs, and various streaming protocols. It can also be used as a server to stream in unicast or multicast in IPv4 or IPv6 on a high-bandwidth network.
A format string vulnerability exists in the udp:// URL handler. By supplying a specially crafted string, a remote attacker could execute arbitrary code with the privileges of the user running VLC.
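The bug class described above, as an added illustration (not VLC's code and not part of the advisory): a printf-style logger that receives the URL as its format string, beside the hardened call, with a benign `%%` canary that shows whether a code path parses its input as a format. All function names and the sample URL are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style logger (not VLC's). Annotating such a function
 * with __attribute__((format(printf, 3, 4))) lets GCC/Clang -Wformat-security
 * flag non-literal format arguments at build time. */
static void log_msg(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, n, fmt, ap);
    va_end(ap);
}

/* Vulnerable pattern: the URL itself becomes the format string. */
void log_url_unsafe(char *out, size_t n, const char *url)
{
    log_msg(out, n, url);
}

/* Hardened form: constant format, URL passed only as data. */
void log_url_safe(char *out, size_t n, const char *url)
{
    log_msg(out, n, "%s", url);
}

typedef void (*url_logger)(char *out, size_t n, const char *url);

/* Regression check with a benign canary: "%%" is a directive that consumes
 * no argument, so it is safe to feed to a suspect code path. If it comes
 * back as a single '%', the input was parsed as a format string. */
int interprets_input_as_format(url_logger fn)
{
    const char *canary = "udp://host%%name";   /* constructed sample */
    char out[64];
    fn(out, sizeof out, canary);
    return strcmp(out, canary) != 0;
}

int main(void)
{
    printf("unsafe parses input: %d\n", interprets_input_as_format(log_url_unsafe));
    printf("safe parses input:   %d\n", interprets_input_as_format(log_url_safe));
    return 0;
}
```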
Affected versions
This issue has been successfully exploited in VLC version 0.8.6 for Mac OS X. Previous versions and other platforms might be affected (thanks to David Maynor for confirming the issue in the Microsoft Windows version).
Workaround or temporary solution
The only potential workarounds are to disable the udp:// URL handler, uninstall VLC, update to the CVS version once a fix has been made available, or simply live with the feeling of being a potential target for pwnage.