======================================================================
CERT-Renater
Information Note No. 2007/VULN474
______________________________________________________________________

DATE                 : 03/12/2007
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Systems running VLC.
======================================================================
http://www.videolan.org/sa0703.html
http://mailman.videolan.org/pipermail/videolan-announce/2007-December/000129.html
______________________________________________________________________

Security Advisory 0703

Summary           : Recursive plugin release vulnerability in ActiveX plugin
Date              : 30 November 2007
Affected versions : VLC media player 0.8.6 to 0.8.6c
ID                : VideoLAN-SA-0703, CORE-2007-1004
CVE reference     :

Details

VLC media player's ActiveX plugin is prone to a recursive plugin release
vulnerability when used within specifically crafted websites.

Impact

If successful, a malicious third party could use this vulnerability to
overwrite memory zones and execute arbitrary code within the context of
the VLC media player's ActiveX plugin (i.e. acquire local user privileges
on the vulnerable system).

Threat mitigation

Exploitation of this bug requires the user to visit a maliciously crafted
website using VLC media player's ActiveX plugin.

Workarounds

The user may use VLC media player's Mozilla plugin for Mozilla Firefox or
Seamonkey, which is not affected by this issue and provides the same
feature set. Otherwise, websites from untrusted sources should not be
opened.

Solution

VLC media player 0.8.6d addresses this issue and introduces further
usability fixes. Pre-compiled packages for MS Windows are available at
the usual download locations.

Credits

This vulnerability was discovered by Ricardo Narvaja (Ricnar) from the
Exploit Writers team of Core Security Technologies.

References

CORE Security Technologies
    http://www.coresecurity.com/
The VideoLAN project
    http://www.videolan.org/

History

30 November 2007 : VLC 0.8.6d bugfix release
                   Binaries for MS Windows
17 November 2007 : Source code fixes for VLC 0.8.6c and development tree
29 October 2007  : Bug reported by Ricardo Narvaja

Damien Fouilleul, Felix Paul Kühne,
on behalf of the VideoLAN project
======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44 +
+ 151 bd de l'Hopital | fax : 01-53-94-20-41 +
+ 75013 Paris         | email: certsvp@renater.fr +
=========================================================