This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.
The remote Windows host contains an application that suffers from
The version of VLC media player installed on the remote host is
earlier than 1.0.6. Such versions are affected by multiple
- A stack-based buffer overflow when handling M3U files
with an ftp:// URI handler.
- Heap-based buffer overflow vulnerabilities exist in the
A/52, DTS, and MPEG Audio decoders.
- Invalid memory access vulnerabilities exist in the AVI,
ASF, and Matroska (MKV) demuxers, the XSPF playlist parser,
and the ZIP archive decompressor.
- A heap-based buffer overflow vulnerability exists in
If an attacker can trick a user into opening a specially crafted file
with the affected application, arbitrary code could be executed
subject to the user's privileges.
See also :
Upgrade to VLC Media Player version 1.1.0 or later.
Note that the VLC developers have not released a pre-built version
1.0.6 for Windows so users are advised to upgrade to the next
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.4
Public Exploit Available : true