VLC Media Player < 1.0.1 real_get_rdt_chunk() Function Overflow

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains an application that is affected by a
buffer overflow vulnerability.

Description :

The version of VLC media player installed on the remote host is
earlier than 1.0.1. Such versions contain an integer underflow
involving the integer 'size' in the 'real_get_rdt_chunk_header()'
function that can be triggered when reading Real Data Transport (RDT)
chunk headers. This 'size' variable is used before the underflow to
allocate storage on the heap and then after it to read an excessive
amount of data from the network via the 'rtsp_read_data()' function,
resulting in a buffer overflow. If an attacker can trick a user into
opening a specially crafted RTSP stream with the affected application,
arbitrary code could be executed, subject to the user's privileges.

See also :

http://seclists.org/bugtraq/2009/Jul/196
http://wiki.videolan.org/Changelog/1.0.1#Access

Solution :

Upgrade to VLC Media Player version 1.0.1 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 40466 ()

Bugtraq ID: 35821

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now