{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81408?format=json","vulnerability_id":"VCID-3k7q-7ux2-v3gc","summary":"Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 allows remote attackers to execute arbitrary code via a crafted MMS:// stream.","aliases":[{"alias":"CVE-2012-1775"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/364837?format=json","purl":"pkg:deb/debian/vlc@2.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@2.0.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/364803?format=json","purl":"pkg:deb/debian/vlc@3.0.21-0%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@3.0.21-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/364801?format=json","purl":"pkg:deb/debian/vlc@3.0.23-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@3.0.23-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/364805?format=json","purl":"pkg:deb/debian/vlc@3.0.23-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@3.0.23-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/364804?format=json","purl":"pkg:deb/debian/vlc@3.0.23-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@3.0.23-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/330966?format=json","purl":"pkg:ebuild/media-video/vlc@2.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/media-video/vlc@2.1.2"}],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1775","reference_id":"","reference_type":"","scores":[{"value":"0.72888","scoring_system":"epss","scoring_elements":"0.98802","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1775"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1775","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1775"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18825.rb","reference_id":"CVE-2012-1775;OSVDB-80188","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18825.rb"},{"reference_url":"https://security.gentoo.org/glsa/201411-01","reference_id":"GLSA-201411-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201411-01"}],"weaknesses":[],"exploits":[{"date_added":"2012-05-03","description":"VideoLAN VLC Media Player 2.0.0 - Mms Stream Handling Buffer Overflow (Metasploit)","required_action":null,"due_date":null,"notes":null,"known_ransomware_campaign_use":true,"source_date_published":"2012-05-03","exploit_type":"remote","platform":"windows","source_date_updated":"2016-11-15","data_source":"Exploit-DB","source_url":""},{"date_added":null,"description":"This module exploits a buffer overflow in VLC media player VLC media player prior\n          to 2.0.0. The vulnerability is due to a dangerous use of sprintf which can result\n          in a stack buffer overflow when handling a malicious MMS URI.\n\n          This module uses the browser as attack vector. A specially crafted MMS URI is\n          used to trigger the overflow and get flow control through SEH overwrite. Control\n          is transferred to code located in the heap through a standard heap spray.\n\n          The module only targets IE6 and IE7 because no DEP/ASLR bypass has been provided.","required_action":null,"due_date":null,"notes":"Reliability:\n  - unknown-reliability\nStability:\n  - unknown-stability\nSideEffects:\n  - unknown-side-effects\n","known_ransomware_campaign_use":false,"source_date_published":"2012-03-15","exploit_type":null,"platform":"Windows","source_date_updated":null,"data_source":"Metasploit","source_url":"https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/windows/browser/vlc_mms_bof.rb"}],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3k7q-7ux2-v3gc"}