FreeBSD : mplayer heap overflow in http requests (5e7f58c3-b3f8-4258-aeb8-795e5e940ff8)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

A remotely exploitable heap buffer overflow vulnerability was found in
MPlayer's URL decoding code. If an attacker can cause MPlayer to visit
a specially crafted URL, arbitrary code execution with the privileges
of the user running MPlayer may occur. A `visit' might be caused by
social engineering, or a malicious web server could use HTTP redirects
which MPlayer would then process.

See also :

http://www.mplayerhq.hu/homepage/design6/news.html
http://marc.info/?l=bugtraq&m=108066964709058
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=64974
http://www.nessus.org/u?61b15b7b

Solution :

Update the affected packages.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 12581 (freebsd_mplayer_0921.nasl)

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now