CVE-2008-4558

VLC media player 0.9.2 - Remote Code Execution via XSPF Playlist Negative Identifier Tag

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4558. PoCs published by Core Security.

AI-analyzed exploit summary This exploit demonstrates a memory corruption vulnerability in VLC media player 0.9.2 due to improper bounds-checking on the 'identifier' tag in XSPF playlist files. By providing a negative value for the 'identifier', an attacker can overwrite arbitrary memory addresses, potentially leading to arbitrary code execution.

Description

Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Core Security · textdoswindows

https://www.exploit-db.com/exploits/6756

View Code ZIP pw:eip

This exploit demonstrates a memory corruption vulnerability in VLC media player 0.9.2 due to improper bounds-checking on the 'identifier' tag in XSPF playlist files. By providing a negative value for the 'identifier', an attacker can overwrite arbitrary memory addresses, potentially leading to arbitrary code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: VLC media player 0.9.2

No auth needed

Prerequisites: VLC media player 0.9.2 installed · User interaction to open a malicious XSPF file

MITRE ATT&CK