module
VLC Media Player MKV Use After Free
| Disclosed | Created |
|---|---|
| 05/24/2018 | 03/19/2019 |
Disclosed
05/24/2018
Created
03/19/2019
Description
This module exploits a use after free vulnerability in
VideoLAN VLC = MKV files and affects both 32 bits and 64 bits.
In order to exploit this, this module will generate two files:
The first .mkv file contains the main vulnerability and heap spray,
the second .mkv file is required in order to take the vulnerable code
path and should be placed under the same directory as the .mkv file.
This module has been tested against VLC v2.2.8. Tested with payloads
windows/exec, windows/x64/exec, windows/shell/reverse_tcp,
windows/x64/shell/reverse_tcp. Meterpreter payloads if used can
cause the application to crash instead.
VideoLAN VLC = MKV files and affects both 32 bits and 64 bits.
In order to exploit this, this module will generate two files:
The first .mkv file contains the main vulnerability and heap spray,
the second .mkv file is required in order to take the vulnerable code
path and should be placed under the same directory as the .mkv file.
This module has been tested against VLC v2.2.8. Tested with payloads
windows/exec, windows/x64/exec, windows/shell/reverse_tcp,
windows/x64/shell/reverse_tcp. Meterpreter payloads if used can
cause the application to crash instead.
Authors
Eugene Ng - GovTechWinston Ho - GovTech
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
msf > use exploit/windows/fileformat/vlc_mkv
msf /(v) > show actions
...actions...
msf /(v) > set ACTION < action-name >
msf /(v) > show options
...show and set options...
msf /(v) > run
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.