[vlc-devel] VLC 0.9.8a Web UI (input) Remote Denial of Service

פלדמן פלדמן feldman230 at hotmail.com
Mon Mar 16 22:54:01 CET 2009

Sorry I haven't been posting this before I published the exploit. Guess It's better late than never..

VLC 0.9.8a suffers from a remote stack overflow in the web UI which can be exploited to remotely cause a denial of service.
The bug can be exploited by sending an HTTP GET request to status.xml with the argument "input" overflowed by an around 2,000,000 character long buffer.

Please fix this as soon as possible.
Regards, TheLeader


שתף תמונות בקלות עם ™Windows Live.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.videolan.org/pipermail/vlc-devel/attachments/20090316/9ca9f7b8/attachment.html>

More information about the vlc-devel mailing list