Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-pwwt-2djv-nfdj
Summary Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9, when running on Microsoft Windows, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long smb URI in a playlist file.
Aliases
0
alias CVE-2009-2484
Fixed_packages
0
url pkg:deb/debian/vlc@0?distro=trixie
purl pkg:deb/debian/vlc@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@0%3Fdistro=trixie
1
url pkg:deb/debian/vlc@3.0.21-0%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/vlc@3.0.21-0%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@3.0.21-0%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/vlc@3.0.22-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/vlc@3.0.22-0%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@3.0.22-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/vlc@3.0.23-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/vlc@3.0.23-0%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@3.0.23-0%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/vlc@3.0.23-1?distro=trixie
purl pkg:deb/debian/vlc@3.0.23-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@3.0.23-1%3Fdistro=trixie
5
url pkg:deb/debian/vlc@3.0.23-3?distro=trixie
purl pkg:deb/debian/vlc@3.0.23-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@3.0.23-3%3Fdistro=trixie
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-2484
reference_id
reference_type
scores
0
value 0.71229
scoring_system epss
scoring_elements 0.98702
published_at 2026-04-01T12:55:00Z
1
value 0.71229
scoring_system epss
scoring_elements 0.98703
published_at 2026-04-02T12:55:00Z
2
value 0.71229
scoring_system epss
scoring_elements 0.98706
published_at 2026-04-04T12:55:00Z
3
value 0.71229
scoring_system epss
scoring_elements 0.9871
published_at 2026-04-09T12:55:00Z
4
value 0.71229
scoring_system epss
scoring_elements 0.98713
published_at 2026-04-12T12:55:00Z
5
value 0.71229
scoring_system epss
scoring_elements 0.98714
published_at 2026-04-13T12:55:00Z
6
value 0.71229
scoring_system epss
scoring_elements 0.98716
published_at 2026-04-16T12:55:00Z
7
value 0.71229
scoring_system epss
scoring_elements 0.98718
published_at 2026-04-18T12:55:00Z
8
value 0.71229
scoring_system epss
scoring_elements 0.98719
published_at 2026-04-21T12:55:00Z
9
value 0.71229
scoring_system epss
scoring_elements 0.98723
published_at 2026-04-26T12:55:00Z
10
value 0.71229
scoring_system epss
scoring_elements 0.98725
published_at 2026-04-29T12:55:00Z
11
value 0.71229
scoring_system epss
scoring_elements 0.9873
published_at 2026-05-05T12:55:00Z
12
value 0.71229
scoring_system epss
scoring_elements 0.98732
published_at 2026-05-09T12:55:00Z
13
value 0.71229
scoring_system epss
scoring_elements 0.98734
published_at 2026-05-11T12:55:00Z
14
value 0.71229
scoring_system epss
scoring_elements 0.98735
published_at 2026-05-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-2484
1
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows_x86/local/16678.rb
reference_id CVE-2009-2484;OSVDB-55509
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows_x86/local/16678.rb
2
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/9029.rb
reference_id OSVDB-55509;CVE-2009-2484
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/9029.rb
Weaknesses
Exploits
0
date_added null
description
This module exploits a stack-based buffer overflow in the Win32AddConnection function of the VideoLAN VLC media player. Versions 0.9.9 through 1.0.1 are reportedly affected.

This vulnerability is only present in Win32 builds of VLC.

This payload was found to work with the windows/exec and windows/meterpreter/reverse_tcp payloads. However, the windows/meterpreter/reverse_ord_tcp was found not to work.
required_action null
due_date null
notes
Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects
known_ransomware_campaign_use false
source_date_published 2009-06-24
exploit_type null
platform Windows
source_date_updated null
data_source Metasploit
source_url https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/windows/fileformat/vlc_smb_uri.rb
1
date_added 2010-09-20
description VideoLAN VLC Client (Windows x86) - 'smb://' URI Buffer Overflow (Metasploit)
required_action null
due_date null
notes null
known_ransomware_campaign_use true
source_date_published 2010-09-20
exploit_type local
platform windows_x86
source_date_updated 2016-09-10
data_source Exploit-DB
source_url
Severity_range_score null
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pwwt-2djv-nfdj