How to Buy
This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote Windows host contains a media player that is affected by
The version of VLC media player installed on the remote host is earlier
than 2.0.5. It is, therefore, reportedly affected by the following
- An error exists in the file 'modules/codec/subsdec.c'
('libsubsdec_plugin.dll') that does not properly
validate input and can allow a buffer overflow. Opening
a specially crafted file can result in the execution of
arbitrary code. Note that the subtitles feature must be
enabled for successful exploitation.
- An error exists related to the 'freetype' renderer that
does not properly validate input and can allow a buffer
overflow. Opening a specially crafted file can result in
the execution of arbitrary code.
- Unspecified errors exist related to 'libaiff_plugin.dll'
and to the 'SWF' demuxer that have unspecified impact.
See also :
Upgrade to VLC version 2.0.5 or later. Alternatively, remove any
affected plugin files from VLC's plugins directory.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : false
Nessus Plugin ID: 63381 ()
Bugtraq ID: 57079
CVE ID: CVE-2013-1868
Nessus Professional: Scan unlimited IPs, run compliance checks & moreNessus Cloud: The power of Nessus for teams – from the cloud
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.