CVE-2009-2484 Information

Description

Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9 when running on Microsoft Windows allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long smb URI in a playlist file.

Reference

http://git.videolan.org/?p=vlc.git;a=commit;h=e60a9038b13b5eb805a76755efc5c6d5e080180f http://secunia.com/advisories/35558 http://www.exploit-db.com/exploits/9029 http://www.securityfocus.com/bid/35500 http://www.vupen.com/english/advisories/2009/1714 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A14800