Intrusion Prevention

VideoLan.VLC.Media.Player.Remote.Format.String

Description

This indicates an attempt to exploit a Format String vulnerability in VLC Media Player.
The vulnerability may allow a remote attacker to execute arbitrary code via an "M3U" file with a specially crafted "udp://" URL, with format string specifiers in the file.

Affected Products

VideoLAN VLC versions 0.7.0 through 0.8.6

Impact

System compromise: Remote code execution.

Recommended Actions

Upgrade to the latest version, available from the Web site.
http://www.videolan.org/vlc/

CVE References

CVE-2007-0017