CVE-2009-1045

VLC Media Player 0.9.8a - Denial of Service via Long Input Argument in requests/status.xml

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1045. PoCs published by TheLeader.

AI-analyzed exploit summary This exploit targets a stack overflow vulnerability in VLC 0.9.8a's web interface by sending an overly long HTTP GET request to the /requests/status.xml endpoint, causing a denial of service (DoS). The PoC demonstrates the crash by sending a large number of 'A' characters in the input parameter.

Description

requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action.

Exploits (1)

exploitdb WORKING POC VERIFIED

by TheLeader · perldoswindows

https://www.exploit-db.com/exploits/8213

View Code ZIP pw:eip

This exploit targets a stack overflow vulnerability in VLC 0.9.8a's web interface by sending an overly long HTTP GET request to the /requests/status.xml endpoint, causing a denial of service (DoS). The PoC demonstrates the crash by sending a large number of 'A' characters in the input parameter.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: VLC 0.9.8a

No auth needed

Prerequisites: VLC 0.9.8a with web interface enabled · Network access to the target host

MITRE ATT&CK