This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote Windows host contains a media player that is affected by
The version of VLC media player installed on the remote host is earlier
than 2.0.5. It is, therefore, reportedly affected by the following
- An error exists in the file 'modules/codec/subsdec.c'
('libsubsdec_plugin.dll') that does not properly
validate input and can allow a buffer overflow. Opening
a specially crafted file can result in the execution of
arbitrary code. Note that the subtitles feature must be
enabled for successful exploitation.
- An error exists related to the 'freetype' renderer that
does not properly validate input and can allow a buffer
overflow. Opening a specially crafted file can result in
the execution of arbitrary code.
- Unspecified errors exist related to 'libaiff_plugin.dll'
and to the 'SWF' demuxer that have unspecified impact.
See also :
Upgrade to VLC version 2.0.5 or later. Alternatively, remove any
affected plugin files from VLC's plugins directory.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 6.9
Public Exploit Available : false