VLC Media Player < 0.9.8a RealMedia Processing Remote Integer Overflow (deprecated)

medium Nessus Network Monitor Plugin ID 4785

Synopsis

The remote Windows host contains an application that is affected by an integer overflow vulnerability.

Description

The version of VLC Media Player 0.9 installed on the remote host is earlier than 0.9.8a. Such versions contain an integer overflow that leads to a heap-based buffer overflow in the Real demuxer plugin ('libreal_plugin.*'). If an attacker can trick a user into opening a specially crafted RealMedia (.rm) file, the attacker may be able to execute arbitrary code within the context of the affected application.

Solution

Upgrade to version 0.9.8a or higher.

See Also

http://www.trapkit.de/advisories/TKADV2008-013.txt

http://archives.neohapsis.com/archives/bugtraq/2008-12/0004.html

http://www.videolan.org/sa0811.html

Plugin Details

Severity: Medium

ID: 4785

Family: Web Clients

Published: 12/10/2008

Updated: 3/6/2019

Nessus ID: 35068

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Reference Information

CVE: CVE-2008-5276

BID: 32545