Detections
Analytics

VLC Media Player < 1.0.2 Multiple Buffer Overflows (deprecated)

medium Nessus Network Monitor Plugin ID 5188

Synopsis

The remote host contains an application that is vulnerable to multiple attack vectors.

Description

The version of VLC media player installed on the remote host that is earlier than 1.0.2. Such versions are potentially vulnerable to a stack overflow when parsing a MPF, ASF, or AVI file with an overly deep box structure. If an attacker can trick a user into opening a specially crafted MP4, ASF, or AVI file with the affected application, he may be able to execute arbitrary code subject to the user's privileges.

Solution

Upgrade to VLC Media Player 1.0.2 or later.

See Also

http://www.videolan.org/security/sa0901.html

Plugin Details

Severity: Medium

ID: 5188

Family: Web Clients

Published: 9/25/2009

Updated: 3/6/2019

Nessus ID: 41626

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 9/22/2009

Vulnerability Publication Date: 9/17/2009

Reference Information

BID: 36439