Candidate: CVE-2010-3124
PublicDate: 2010-08-26 18:36:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3124
Description:
 Untrusted search path vulnerability in bin/winvlc.c in VLC Media Player
 1.1.3 and earlier allows local users, and possibly remote attackers, to
 execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse
 wintab32.dll that is located in the same folder as a .mp3 file.
Ubuntu-Description:
Notes:
 mdeslaur> This is Windows-specific
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_vlc:
 upstream: http://git.videolan.org/?p=vlc/vlc-1.1.git;a=blobdiff;f=bin/winvlc.c;h=ac9b97ca9f5f9ba001f13bf61eb5127a1c1dbcbf;hp=2d09cba320e3b0def7069ce1ebab25d1340161c5;hb=43a31df56c37bd62c691cdbe3c1f11babd164b56;hpb=2d366da738b19f8d761d7084746c6db6f52808c6
upstream_vlc: released (1.1.4)
dapper_vlc: ignored (reached end-of-life)
hardy_vlc: not-affected
jaunty_vlc: ignored (reached end-of-life)
karmic_vlc: not-affected
lucid_vlc: not-affected
maverick_vlc: not-affected (1.1.4-1ubuntu1)
devel_vlc: not-affected (1.1.4-1ubuntu1)