This module runs a web server waiting for vulnerable clients to connect to it. When the client connects, it will try to install an agent by exploiting a vulnerability in VLC, which allows user-assisted remote attackers to execute code via a crafted OGG file that triggers format string and overwrites a subroutine pointer during rendering. The module will send an e-mail with a specially crafted HTML page waiting for victim users to connect through it. If target system does not have either the ActiveX plugin (Internet Explorer) or the Mozilla plugin (Firefox, Opera), when the user clicks on the e-mail link the browser will download a file in order to be executed so agent can be deployed. Otherwise, remote file will be executed directly.
CVE Link
Exploit Type
Product Name