This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.
The remote Windows host contains a media player that is affected by
The version of VLC media player installed on the remote host is
earlier than 1.1.6. Such versions are reportedly affected by the
following vulnerabilities :
- An integer overflow vulnerability exists due to a failure
to properly parse the header of a Real Media file, which
could then trigger a heap-based buffer overflow. It is
not yet known if this issue can be exploited to execute
arbitrary code. (CVE-2010-3907)
- There are two heap corruption vulnerabilities in the
CDG decoder that arise because of a failure to validate
indices into statically-sized arrays on the heap, which
could allow for arbitrary code execution. (CVE-2011-0021)
- The 'StripTags()' function in the USF and Text decoders
may scan past the end of a subtitle in an MKV file with
an opening '<' char but without a corresponding closing
'>' char, resulting in heap memory corruption.
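The unterminated-tag case from the last item, shown as an added example in C that is not VLC's code. The hypothetical `strip_tags_bounded` takes an explicit length and looks for the closing '>' only inside the buffer. Dropping the rest of the subtitle when a tag never closes is an assumed policy.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not VLC's StripTags): copy `len` bytes of subtitle
 * text from `src` to `dst`, dropping everything between '<' and '>'.
 * `dst` must hold at least len + 1 bytes.
 * Returns the number of bytes written, excluding the terminating NUL. */
size_t strip_tags_bounded(const char *src, size_t len, char *dst)
{
    const char *p = src;
    const char *end = src + len;   /* one past the last valid input byte */
    size_t out = 0;

    while (p < end) {
        if (*p != '<') {
            dst[out++] = *p++;     /* out never exceeds len */
            continue;
        }
        /* Search for the closing '>' only inside [p, end). */
        const char *close = memchr(p, '>', (size_t)(end - p));
        if (close == NULL) {
            /* Opening '<' with no matching '>': stop here instead of
             * scanning or stepping past the end of the subtitle. */
            break;
        }
        p = close + 1;             /* close < end, so p <= end */
    }
    dst[out] = '\0';
    return out;
}

int main(void)
{
    /* Constructed sample inputs, not taken from a real MKV file. */
    const char *samples[] = { "<i>Hi</i> there", "Hello <b", "a<b>" };
    char out[32];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t n = strip_tags_bounded(samples[i], strlen(samples[i]), out);
        printf("%-18s -> \"%s\" (%zu bytes)\n", samples[i], out, n);
    }
    return 0;
}
```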
See also :
Upgrade to VLC Media Player version 1.1.6 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true