CVE-2010-3275

VideoLAN VLC Media Player <1.1.8 - RCE

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-3275. PoCs were published by Metasploit and sinn3r, including the Metasploit module exploits/windows/browser/vlc_amv.

AI-analyzed exploit summary: This Metasploit module exploits a dangling pointer vulnerability in VLC media player (CVE-2010-3275) by manipulating the 0x41st byte in an .AMV file, leading to arbitrary code execution. It uses a combination of JavaScript heap spraying and a malicious .AMV file to trigger the vulnerability.

Description

libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a "dangling pointer vulnerability."

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/17048

This Metasploit module exploits a dangling pointer vulnerability in VLC media player (CVE-2010-3275) by manipulating the 0x41st byte in an .AMV file, leading to arbitrary code execution. It uses a combination of JavaScript heap spraying and a malicious .AMV file to trigger the vulnerability.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: VLC media player 1.1.4-1.1.7
No auth needed
Prerequisites: Victim must visit a malicious web page or open a crafted .AMV file · VLC media player must be installed and vulnerable
devstral-2 · analyzed Feb 16, 2026
metasploit · WORKING POC · GOOD
by sinn3r · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/vlc_amv.rb

This Metasploit module exploits a dangling pointer vulnerability in VLC media player (CVE-2010-3275) by manipulating the 0x41st byte in an AMV file, leading to arbitrary code execution. It uses heap spraying and ROP techniques to achieve reliable exploitation across multiple browser and OS targets.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: VLC media player 1.1.4-1.1.7
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · VLC ActiveX control must be installed and enabled
devstral-2 · analyzed Feb 19, 2026

References (14)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1025250
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0759
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43826
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2211
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/17048
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/517150/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/71277
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/66259
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14718
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8162
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/47012

Scores

EPSS 0.7551
EPSS Percentile 99.5%

Details

CWE: CWE-119
Status: published
Products (50)
videolan/vlc_media_player 0.1.99b
videolan/vlc_media_player 0.1.99e
videolan/vlc_media_player 0.1.99f
videolan/vlc_media_player 0.1.99g
videolan/vlc_media_player 0.1.99h
videolan/vlc_media_player 0.1.99i
videolan/vlc_media_player 0.2.0
videolan/vlc_media_player 0.2.60
videolan/vlc_media_player 0.2.61
videolan/vlc_media_player 0.2.62
... and 40 more
Published Mar 28, 2011
Tracked Since Feb 18, 2026