VLC Media Player < 1.1.4 Path Subversion Arbitrary DLL Injection Code Execution

This script is Copyright (C) 2010-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains an application that allows arbitrary
code execution.

Description :

The version of VLC media player installed on the remote host is
earlier than 1.1.4. Such versions insecurely look in their current
working directory when resolving DLL dependencies, such as for
'wintab32.dll'.

If a malicious DLL with the same name as a required DLL is located in
the application's current working directory, the malicious DLL will be
loaded.

See also :

http://msdn.microsoft.com/en-us/library/ff919712(VS.85).aspx
http://www.acrossecurity.com/aspr/ASPR-2010-08-18-1-PUB.txt
http://blog.rapid7.com/?p=5325
http://www.videolan.org/security/sa1005.html
http://www.videolan.org/developers/vlc-branch/NEWS

Solution :

Upgrade to VLC Media Player version 1.1.4 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 48906 ()

Bugtraq ID: 42707

CVE ID: CVE-2010-3124

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now