-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

==========================================================================
==========================================================================
 VLC Media Player 1.1.4 (vlc.exe) dll hijacking reloaded
 
 Author: shinnai
 mail: shinnai[at]autistici[dot]org
 site: http://www.shinnai.altervista.org/

 This was written for educational purpose. Use it at your own risk.
 Author will be not responsible for any damage.

 Tested on:
 Windows 7 professional full patched
==========================================================================
==========================================================================
 DESCRIPTION: 
 I think this is just a logic flaw, infact this program is still
 vulnerable to dll hijacking simply creating, in the same folder of
 one of below listed files, these folders:

 "%commonprogramfiles%\microsoft shared\windows live"

 and then put into "windows live" folder our dll.

 E.g.
 
  C:\>dir /S test

  Volume in drive C has no label.
  Volume Serial Number is XXXX-YYYY

  Directory of C:\test

 14/10/2010  11:29    <DIR>          .
 14/10/2010  11:29    <DIR>          ..
 14/10/2010  11:29    <DIR>          %commonprogramfiles%
 07/10/2010  13:22                 8 test.xspf
                1 File(s)              8 bytes

  Directory of C:\test\%commonprogramfiles%

 14/10/2010  11:29    <DIR>          .
 14/10/2010  11:29    <DIR>          ..
 14/10/2010  11:29    <DIR>          microsoft shared
                0 File(s)              0 bytes

  Directory of C:\test\%commonprogramfiles%\microsoft shared

 14/10/2010  11:29    <DIR>          .
 14/10/2010  11:29    <DIR>          ..
 14/10/2010  11:29    <DIR>          windows live
                0 File(s)              0 bytes

  Directory of C:\test\%commonprogramfiles%\microsoft shared\windows live

 14/10/2010  11:29    <DIR>          .
 14/10/2010  11:29    <DIR>          ..
 14/10/2010  09:36            14,336 wintab32.dll
               1 File(s)         14,336 bytes
==========================================================================
==========================================================================
 INFO:
 Prg.:	vlc.exe
 Ver.:	1.1.4.0
 Ext.:	a52
	ac3
	amr
	amv
	aob
	ape
	b4s
	bin
	cue
	divx
	dts
	dv
	flac
	flv
	gxf
	ifo
	it
	m3u8
	m4p
	mka
	mkv
	mlp
	mp1
	mpc
	mpeg1
	mpeg2
	mpeg4
	mxf
	nsv
	nuv
	oga
	ogg
	ogm
	ogv
	ogx
	oma
	pls
	ram
	rec
	rmvb
	rm
	s3m
	sdp
	spx
	tod
	tta
	vlc
	vob
	voc
	vqf
	vro
	w64
	webm
	wv
	xa
	xm
	xspf

 dll:	wintab32.dll
==========================================================================
==========================================================================

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)

iQIcBAEBAgAGBQJMtvf+AAoJELleC2c7YdP161YQAMbRBuVfTrWZy+5Jc36im+by
+eLZoQ2JJsWIs9stIPPnggv63jk0QHvwLvAYgIpYadPUls5EMRFSQjeHr/hiJlIT
mCXJEs8p8lbxTWDo/NUz/CXKRGWc5ePkjIeGilt5Iw8dGdTZk9KkfQ5MImb2kiA6
fOYxvEJdmjJ/Fxb+9Mp5ronWWNndMUByGWWJfR41y052ULibDnMAw5mK+ZhbCITy
54SeEuRExfQnLpIHxwWmTWnun+K6CxCisaLdtkgKVp9IeOta2jCf0QJkg5MaZ1fx
igjoOTWGw4MwmG1L5szDlW0lnCa3zqST17i8LwIXzLTj1Ms4Y4Ozye2NjIZzyTYt
ODOcaT2BgzM0ERCzmmvRmX0g81AYtMSyXprI/7FBtVKpJI5sVVLyLv1RcUxGaa3J
5jHLtwkJefprVDenD/sKaTg82agiNUAPZ8cLM9331uFQcyBoA58Fqx1JQU+oFrzV
JI4KDXkQJ94C5wJticBKUO9zD3Fh3sZTKtXU2WOmFACbA+rPkyS15K8mm1TabtyL
EaI5Y4jK28DL0AvJzGvw8GgTc3/P9xp6b+xE26XiXqcpwKUTtL9WqMscAHr21i/K
6/YoBDyx/HCAu8jEDluEreeyjl8lIp23FhSzv5uXOLEP/hM15uT4BAnKWfioyNSW
L9069bY8ZF0fgkojjD8P
=H4AK
-----END PGP SIGNATURE-----