CVE-2011-1574 VideoLAN VLC ModPlug ReadS3M Stack Buffer Overflow
This module exploits an input validation error in libmod_plugin as included with VideoLAN VLC 1.1.8. All versions prior to version 1.1.9 are affected. By creating a malicious S3M file, a remote attacker could execute arbitrary code. Although other products that bundle libmodplug may be vulnerable, this module was only tested against VLC. NOTE: As of July 1st, 2010, VLC now calls SetProcessDEPPoly to permanently enable NX support on machines that support it. As such, this module is capable of bypassing DEP, but not ASLR.
CVE-2011-1574 VideoLAN VLC ModPlug ReadS3M Stack Buffer Overflow from 4 X Security Team on Vimeo.