CVE-2007-0017

VLC Media Player 0.7.0-0.8.6 - Remote Code Execution via Format String in CDDA/VCDX URI Handler

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-0017. PoCs published by MoAB.

AI-analyzed exploit summary This exploit generates a malicious .m3u file targeting VLC Player for OSX (CVE-2007-0017), leveraging a format string vulnerability to execute arbitrary code via a bindshell payload.

Description

Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.

Exploits (2)

exploitdb WORKING POC VERIFIED

by MoAB · perllocalosx

https://www.exploit-db.com/exploits/3070

View Code ZIP pw:eip

This exploit generates a malicious .m3u file targeting VLC Player for OSX (CVE-2007-0017), leveraging a format string vulnerability to execute arbitrary code via a bindshell payload.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: VLC Player for OSX (versions prior to fix for CVE-2007-0017)

No auth needed

Prerequisites: Vulnerable version of VLC Player for OSX · User interaction to open the malicious .m3u file

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by MoAB · perldososx

https://www.exploit-db.com/exploits/3069

View Code ZIP pw:eip

This exploit leverages a format string vulnerability in VLC Media Player for OSX on PPC to overwrite a saved return address, redirecting execution to shellcode. It generates a malicious .m3u file that triggers arbitrary code execution when opened.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: VLC Media Player for OSX (PPC)

No auth needed

Prerequisites: VLC Media Player for OSX (PPC) installed · Victim opens the malicious .m3u file

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (20)

Core 20

Core References

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/0026

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/23971

Patch x_refsource_confirm

http://www.videolan.org/patches/vlc-0.8.6-MOAB-02-01-2007.patch

Various Sources x_refsource_misc

http://applefun.blogspot.com/2007/01/moab-02-01-2007-vlc-media-player-udp.html

Various Sources mailing-list x_refsource_mlist

http://www.via.ecp.fr/via/ml/vlc-devel/2007-01/msg00005.html

Various Sources x_refsource_misc

http://landonf.bikemonkey.org/code/macosx/MOAB_Day_2.20070103045559.6753.timor.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/21852

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/31226

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/31163

Vendor Advisory vendor-advisory x_refsource_suse

http://www.novell.com/linux/security/advisories/2007_13_xine.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1017464

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/23829

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/23592

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/23910

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200701-24.xml

Exploit, Vendor Advisory x_refsource_misc

http://projects.info-pull.com/moab/MOAB-02-01-2007.html

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14313

Vendor Advisory x_refsource_confirm

http://www.videolan.org/sa0701.html

Various Sources x_refsource_confirm

http://trac.videolan.org/vlc/changeset/18481

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2007/dsa-1252

Scores

EPSS 0.1197

EPSS Percentile 95.6%

Details

CWE

CWE-134

Status published

Products (10)

videolan/vlc_media_player 0.7.0

videolan/vlc_media_player 0.7.1

videolan/vlc_media_player 0.7.2

videolan/vlc_media_player 0.8.0

videolan/vlc_media_player 0.8.1

videolan/vlc_media_player 0.8.2

videolan/vlc_media_player 0.8.4

videolan/vlc_media_player 0.8.4a

videolan/vlc_media_player 0.8.5

videolan/vlc_media_player 0.8.6

Published Jan 03, 2007

Tracked Since Feb 18, 2026