This module exploits a vulnerability in VideoLan Media Player (VLC). Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.

VLC Media Player contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error when handling crafted .XSPF files. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.

This module runs a server waiting for vulnerable clients to connect to it. When the client connects, it will try to install an agent by exploiting a vulnerability in VLC Media Player, which allows unauthenticated attackers to execute arbitrary code or cause a denial of service condition. The module will send an e-mail with a specially crafted HTML page waiting for victim users to connect through it. When the user clicks on the link, a connection is made to a specially crafted RTSP stream that triggers the vulnerability.

This module exploits a vulnerability in VideoLan Media Player (VLC). A stack-based buffer overflow in the ParseRealText function in the Subtitle demux plugin (modules\demux\subtitle.c) in VLC Media Player 0.9.4 allows remote attackers to execute arbitrary code via a realtext RT media file with a header containing a crafted size value. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.

A code execution vulnerability exists in the way that VLC handles specially crafted .NSV (Nullsoft streaming video file) files when opening in Internet Explorer 6 or 7 This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.

VLC is prone to a buffer-overflow vulnerability when parsing a MP4 file with an overly deep box structure. This module runs a web server waiting for vulnerable clients (Internet Explorer or Mozilla Firefox) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.

This module exploits a vulnerability in VideoLan Media Player (VLC). A memory corruption vulnerability in the MKV demuxer plugin (ibmkv_plugin) in VLC Media Player 1.1.6.1 and earlier allowing remote attackers to execute arbitrary code via a MKV media file. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.

VLC Media Player is prone to a buffer-overflow vulnerability that occurs because it fails to perform adequate boundary checks on user-supplied data via a crafted .S3M file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.

This module runs a web server waiting for vulnerable clients to connect to it. When the client connects, it will try to install an agent by exploiting a vulnerability in VLC, which allows user-assisted remote attackers to execute code via a crafted OGG file that triggers format string and overwrites a subroutine pointer during rendering. The module will send an e-mail with a specially crafted HTML page waiting for victim users to connect through it. If target system does not have either the ActiveX plugin (Internet Explorer) or the Mozilla plugin (Firefox, Opera), when the user clicks on the e-mail link the browser will download a file in order to be executed so agent can be deployed. Otherwise, remote file will be executed directly.

VLC is able to handle the subtitles automatically in a very simple way,it just checks the presence of SSA files with the same name of the loaded video and a possible subtitles folder. The functions which handle the MicroDVD, SSA and VPlayer subtitle formats are vulnerable to some stack based buffer-overflow vulnerabilities which can allow an attacker to execute malicious code. This module runs a web server waiting for vulnerable clients (Internet Explorer, Opera or Mozilla Firefox) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.