CVE-2009-2484

Name of the Vulnerable Software and Affected Versions VLC media player version 0.9.9

Description A stack-based buffer overflow issue exists in the Win32AddConnection function, located in modules/access/smb.c, which can be triggered by a long smb URI in a playlist file. This can cause a denial of service, resulting in an application crash, and potentially allow the execution of arbitrary code. The issue is caused by a boundary error within the Win32AddConnection() function and can be exploited by tricking a user into opening a malicious playlist file with an overly long "smb://" URI.

Recommendations For VLC media player version 0.9.9, consider disabling the Win32AddConnection() function until a patch is available to prevent exploitation. Restrict access to opening playlist files from untrusted sources to minimize the risk of exploitation. Avoid using overly long "smb://" URIs in playlist files until the issue is resolved.