VLC < 2.0.6 ASF Demuxer Buffer Overflow

Medium severity, Nessus Plugin ID 66216

Synopsis

The remote Windows host contains a media player that is affected by a buffer overflow vulnerability.

Description

The version of VLC media player installed on the remote host is earlier than 2.0.6. It is, therefore, reportedly affected by a buffer overflow vulnerability related to the ASF demuxer plugin.

Solution

Upgrade to VLC version 2.0.6 or later. Alternatively, remove the affected plugin file from VLC's plugins directory.

See Also

http://www.videolan.org/security/sa1302.html

http://www.nessus.org/u?b8052708

http://trac.videolan.org/vlc/ticket/8024

http://www.videolan.org/vlc/releases/2.0.6.html

Plugin Details

Severity: Medium

ID: 66216

File Name: vlc_2_0_6.nasl

Version: 1.3

Type: local

Agent: windows

Family: Windows

Published: 4/25/2013

Updated: 11/27/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2013-1954

Vulnerability Information

CPE: cpe:/a:videolan:vlc_media_player

Required KB Items: SMB/VLC/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 1/17/2013

Vulnerability Publication Date: 1/11/2013

Reference Information

CVE: CVE-2013-1954

BID: 57333