CVE-2007-6262

high

Description

A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," aka a "recursive plugin release vulnerability."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14280

https://exchange.xforce.ibmcloud.com/vulnerabilities/38816

http://www.vupen.com/english/advisories/2007/4061

http://www.videolan.org/sa0703.html

http://www.securityfocus.com/archive/1/484563/100/0/threaded

http://www.coresecurity.com/?action=item&id=2035

http://securityreason.com/securityalert/3420

http://secunia.com/advisories/27878

Details

Source: Mitre, NVD

Published: 2007-12-06

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.11115