VLC Media Player 0.5.0 to 0.9.5 Stack-Based Buffer Overflows

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains an application that is affected by
multiple buffer overflow vulnerabilities.

Description :

A version of VLC between 0.5.0 and 0.9.5 is installed on the remote
host. Such versions are affected by the following vulnerabilities :

- RealText subtitle file (modules\demux\subtitle.c)
  processing is susceptible to a buffer overflow caused
  by user-supplied data from a malicious subtitle file
  being copied into static buffers without proper
  validation.

- CUE image file (modules\access\vcd\cdrom.c)
  processing is susceptible to a stack-based buffer
  overflow because data supplied by the CUE file is
  used as an array index without proper validation.

An attacker may be able to leverage these issues to execute arbitrary
code on the remote host by tricking a user into opening a specially
crafted video file using the affected application.

See also :

http://www.trapkit.de/advisories/TKADV2008-012.txt
http://www.securityfocus.com/archive/1/498111/30/0/threaded
http://www.securityfocus.com/archive/1/498112/30/0/threaded
http://www.videolan.org/security/sa0810.html
http://permalink.gmane.org/gmane.comp.security.oss.general/1140

Solution :

Upgrade to VLC version 0.9.6 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 34730

Bugtraq ID: 32125, 36403

CVE ID: CVE-2008-5032, CVE-2008-5036
