VLC executes arbitrary plugins
|Reported by:||courmisch||Owned by:||courmisch|
Description (last modified by courmisch)
At startup, VLC recursively scans the modules/ and plugins/ subdirectories from the current working directory, and tries to execute the vlc_entry__0_8_6 (or another in other VLC versions) symbol from any file matching the "lib*_plugin.so" pattern.
This is a local privilege escalation vulnerability.
Change History (8)
comment:2 Changed 7 years ago by courmisch
- Milestone changed from 0.8.6-bugfix to 0.9.0-test1
- Owner set to courmisch
- Status changed from new to assigned
comment:6 Changed 7 years ago by courmisch
- Resolution set to fixed
- Status changed from assigned to closed