VLC Media Player < 1.0.6 Multiple Vulnerabilities

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.

Synopsis :

The remote Windows host contains an application that suffers from
multiple vulnerabilities.

Description :

The version of VLC media player installed on the remote host is
earlier than 1.0.6. Such versions are affected by multiple
vulnerabilities :

- A stack-based buffer overflow when handling M3U files
with an ftp:// URI handler.

- Heap-based buffer overflow vulnerabilities exist in the
A/52, DTS, and MPEG Audio decoders.

- Invalid memory access vulnerabilities exist in the AVI,
ASF, and Matroska (MKV) demuxers, the XSPF playlist parser,
and the ZIP archive decompressor.

- A heap-based buffer overflow vulnerability exists in
RTMP access.

If an attacker can trick a user into opening a specially crafted file
with the affected application, arbitrary code could be executed
subject to the user's privileges.

Solution :

Upgrade to VLC Media Player version 1.1.0 or later.

Note that the VLC developers have not released a pre-built version
1.0.6 for Windows, so users are advised to upgrade to the next
available version.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.4
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 48760

Bugtraq ID: 39620

CVE ID: CVE-2010-1441
