CVE-2008-3794

VLC Media Player 0.8.6i - Remote Code Execution via Crafted MMST Link

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3794. PoCs published by g_.

AI-analyzed exploit summary This exploit targets a heap overflow vulnerability in VLC 0.8.6i via the MMS protocol. The PoC demonstrates how a maliciously crafted MMS stream can trigger a heap overflow, leading to potential remote code execution.

Description

Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow.

Exploits (1)

exploitdb WORKING POC VERIFIED

by g_ · textdosmultiple

https://www.exploit-db.com/exploits/6293

View Code ZIP pw:eip

This exploit targets a heap overflow vulnerability in VLC 0.8.6i via the MMS protocol. The PoC demonstrates how a maliciously crafted MMS stream can trigger a heap overflow, leading to potential remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: VLC 0.8.6i

No auth needed

Prerequisites: Attacker-controlled MMS server · Victim opens a malicious mmst:// link

MITRE ATT&CK