Title:Videolan VLC Media Player 'bin/winvlc.c'非信任搜索路径漏洞 (CVE-2010-3124) Description:VideoLAN VLC media player是法国VideoLAN组织开发的一款免费、开源的跨平台多媒体播放器(也是一个多媒体框架)。该产品支持播放多种介质(文件、光盘等)、多种音视频格式(WMV, MP3等)等。 VLC Media Player 1.1.3以及之前版本中的bin/winvlc.c存在非信任搜索路径漏洞。本地用户及远程攻击者可以借助与.mp3文件同在一个目录下的wintab32.dll执行任意代码和DLL劫持攻击。
1. It is advised to access via the original source first.2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.