CVE-2012-1775

VLC media player < 2.0.1 - Remote Code Execution via Crafted MMS Stream

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-1775. PoCs published by Metasploit, Florent Hochwelker, sinn3r, juan vazquez, including Metasploit module exploits/windows/browser/vlc_mms_bof.

AI-analyzed exploit summary This Metasploit module exploits a buffer overflow in VLC media player (CVE-2012-1775) via a malicious MMS URI delivered through a browser. It leverages SEH overwrite and heap spraying to achieve remote code execution on vulnerable systems.

Description

Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 allows remote attackers to execute arbitrary code via a crafted MMS:// stream.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/18825

This Metasploit module exploits a buffer overflow in VLC media player (CVE-2012-1775) via a malicious MMS URI delivered through a browser. It leverages SEH overwrite and heap spraying to achieve remote code execution on vulnerable systems.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: VLC media player prior to 2.0.0
No auth needed
Prerequisites: Victim must visit a malicious webpage using Internet Explorer 6 or 7 on Windows XP SP3 · VLC media player < 2.0.0 installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by Florent Hochwelker, sinn3r, juan vazquez · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/vlc_mms_bof.rb

This Metasploit module exploits a buffer overflow in VLC media player prior to version 2.0.0 via a malicious MMS URI, leveraging heap spraying and SEH overwrite to achieve remote code execution. It targets Internet Explorer 6 and 7 on Windows XP SP3 due to the lack of DEP/ASLR bypass.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: VLC media player < 2.0.0
No auth needed
Prerequisites: Victim must visit a malicious webpage using Internet Explorer 6 or 7 on Windows XP SP3 · VLC media player < 2.0.0 must be installed
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (6)

Core 6
Core References
Vendor Advisory x_refsource_confirm
http://www.videolan.org/security/sa1201.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/53391
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18825
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/52550
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14820

Scores

EPSS 0.7289
EPSS Percentile 98.8%

Details

CWE
CWE-119
Status published
Products (48)
videolan/vlc_media_player 0.1.99a
videolan/vlc_media_player 0.1.99b
videolan/vlc_media_player 0.1.99c
videolan/vlc_media_player 0.1.99d
videolan/vlc_media_player 0.1.99e
videolan/vlc_media_player 0.1.99f
videolan/vlc_media_player 0.1.99g
videolan/vlc_media_player 0.1.99h
videolan/vlc_media_player 0.1.99i
videolan/vlc_media_player 0.2.0
... and 38 more
Published Mar 19, 2012
Tracked Since Feb 18, 2026