CVE-2010-3124

VLC Media Player < 1.1.3 - Untrusted Search Path and DLL Hijacking via wintab32.dll

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-3124. PoCs published by Secfence, KOBUKOVUI.

AI-analyzed exploit summary This exploit leverages a DLL hijacking vulnerability in VLC Player (CVE-2010-3124) by placing a malicious wintab32.dll in the same directory as an .mp3 file. When the .mp3 is opened in VLC, the DLL is loaded and executes arbitrary code (a MessageBox in this case).

Description

Untrusted search path vulnerability in bin/winvlc.c in VLC Media Player 1.1.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .mp3 file.

Exploits (2)

exploitdb WORKING POC

by Secfence · textlocalwindows

https://www.exploit-db.com/exploits/14750

View Code ZIP pw:eip

This exploit leverages a DLL hijacking vulnerability in VLC Player (CVE-2010-3124) by placing a malicious wintab32.dll in the same directory as an .mp3 file. When the .mp3 is opened in VLC, the DLL is loaded and executes arbitrary code (a MessageBox in this case).

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: VLC Player (version unspecified, likely <= 1.1.4)

No auth needed

Prerequisites: Ability to place files in a directory accessible to the victim · Victim must open the .mp3 file in VLC Player

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 1 stars

by KOBUKOVUI · poc

https://github.com/KOBUKOVUI/DLL_Injection_On_VLC

View Code ZIP pw:eip

This repository contains functional exploit code demonstrating DLL injection via CVE-2010-3124, an untrusted search path vulnerability in VLC Media Player 1.1.3 and earlier. The PoC leverages a malicious wintab32.dll placed alongside an MP3 file to achieve arbitrary code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: VLC Media Player <= 1.1.3

No auth needed

Prerequisites: Malicious DLL (wintab32.dll) · Target system with vulnerable VLC version · Local file system access

MITRE ATT&CK

T1055 - Process Injection T1574.001 - DLL

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (7)

Core 7

Core References

Patch x_refsource_confirm

http://git.videolan.org/?p=vlc/vlc-1.1.git%3Ba=blobdiff%3Bf=bin/winvlc.c%3Bh=ac9b97ca9f5f9ba001f13bf61eb5127a1c1dbcbf%3Bhp=2d09cba320e3b0def7069ce1ebab25d1340161c5%3Bhb=43a31df56c37bd62c691cdbe3c1f11babd164b56%3Bhpb=2d366da738b19f8d761d7084746c6db6f52808c6

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/2172

Patch mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2010/08/25/9

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/14750

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/41107

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2010/08/25/10

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12190

Scores

EPSS 0.1251

EPSS Percentile 95.7%

Details

Status published

Products (50)

videolan/vlc_media_player 0.1.99b

videolan/vlc_media_player 0.1.99e

videolan/vlc_media_player 0.1.99f

videolan/vlc_media_player 0.1.99g

videolan/vlc_media_player 0.1.99h

videolan/vlc_media_player 0.1.99i

videolan/vlc_media_player 0.2.0

videolan/vlc_media_player 0.2.60

videolan/vlc_media_player 0.2.61

videolan/vlc_media_player 0.2.62

... and 40 more

Published Aug 26, 2010

Tracked Since Feb 18, 2026