Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-3124: VLC Media Player vulnerability

5 documents, 5 sources
Severity
9.3 CRITICAL (NVD)
EPSS
8.4%
top 7.67%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Aug 26
Latest update: May 17

Description

Untrusted search path vulnerability in bin/winvlc.c in VLC Media Player 1.1.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .mp3 file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages: 1 package

Patches

🔴Vulnerability Details

2
GHSA
GHSA-4xrq-5f3r-xxq5: Untrusted search path vulnerability in bin/winvlc (2022-05-17)
CVEList
CVE-2010-3124: Untrusted search path vulnerability in bin/winvlc (2010-08-26)

💥Exploits & PoCs

1
Exploit-DB
VideoLAN VLC Media Player 1.1.3 - 'wintab32.dll' DLL Hijacking (2010-08-25)

📋Vendor Advisories

1
Debian
CVE-2010-3124: vlc - Untrusted search path vulnerability in bin/winvlc.c in VLC Media Player 1.1.3 an... (2010)
CVE-2010-3124 — Videolan VLC Media Player vulnerability | cvebase