[vlc-devel] VLC 0.9.8a Web UI (input) Remote Denial of Service
פלדמן פלדמן
feldman230 at hotmail.com
Mon Mar 16 22:54:01 CET 2009
Sorry I haven't been posting this before I published the exploit. Guess It's better late than never..
VLC 0.9.8a suffers from a remote stack overflow in the web UI which can be exploited to remotely cause a denial of service.
The bug can be exploited by sending an HTTP GET request to status.xml with the argument "input" overflowed by an around 2,000,000 character long buffer.
Please fix this as soon as possible.
Regards, TheLeader
http://www.milw0rm.com/exploits/8213
_________________________________________________________________
שתף תמונות בקלות עם ™Windows Live.
http://www.microsoft.com/windows/windowslive/products/photos.aspx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.videolan.org/pipermail/vlc-devel/attachments/20090316/9ca9f7b8/attachment.html>
More information about the vlc-devel
mailing list