VLC Media Player < 1.1.6 Multiple Vulnerabilities

Nessus Plugin ID 51772 (Severity: High)

Synopsis

The remote Windows host contains a media player that is affected by multiple vulnerabilities.

Description

The version of VLC media player installed on the remote host is earlier than 1.1.6. Such versions are reportedly affected by the following vulnerabilities:

- An integer overflow vulnerability exists due to a failure to properly parse the header of a Real Media file, which can in turn trigger a heap-based buffer overflow. It is not yet known whether this issue can be exploited to execute arbitrary code. (CVE-2010-3907)

- There are two heap corruption vulnerabilities in the CDG decoder that arise because of a failure to validate indices into statically-sized arrays on the heap, which could allow for arbitrary code execution. (CVE-2011-0021)

- The 'StripTags()' function in the USF and Text decoders may scan past the end of a subtitle in an MKV file that contains an opening '<' character without a corresponding closing '>' character, resulting in heap memory corruption. (CVE-2011-0522)
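The three items above are instances of common native-code bug classes: a header-controlled size that wraps before reaching the allocator, an unvalidated index into a fixed-size array, and a scan for a delimiter that is not bounded by the input length. The following C is an added illustration of the defensive form of each, written for this page; it is not VLC's code, and the names (size_fits, cdg_set_palette_entry, strip_tags_bounded, the 16-entry palette and the sample subtitle strings) are hypothetical and constructed here.

```c
/* Added example, not VLC source: defensive equivalents of the three bug
 * classes described in the advisory above. All names are hypothetical. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* 1. Integer-overflow-safe size computation (the Real Media header case).
 *    count and entry_size come from the file; their product must be
 *    checked before it is used as an allocation size. Returns 1 and
 *    stores the product if it fits in 32 bits, 0 if it would wrap. */
int size_fits(uint32_t count, uint32_t entry_size, uint32_t *out)
{
    if (entry_size != 0 && count > UINT32_MAX / entry_size)
        return 0;                      /* would wrap: reject the header */
    *out = count * entry_size;
    return 1;
}

/* 2. Index validation against a statically-sized array (the CDG case).
 *    The hypothetical decoder keeps a 16-entry palette; an index taken
 *    from the stream must be range-checked before it is used. */
#define PALETTE_ENTRIES 16
static uint8_t g_palette[PALETTE_ENTRIES];

int cdg_set_palette_entry(unsigned index, uint8_t value)
{
    if (index >= PALETTE_ENTRIES)
        return -1;                     /* out-of-range index from the stream */
    g_palette[index] = value;
    return 0;
}

/* 3. Length-bounded tag stripping (the StripTags() case).
 *    Subtitle data from a container is not NUL-terminated, so the scan
 *    must be bounded by the caller-supplied length, not by the presence
 *    of a '>'. An unterminated '<' simply consumes the rest of the input.
 *    Returns the number of bytes written to dst, or -1 if dst is too small. */
long strip_tags_bounded(const char *src, size_t len, char *dst, size_t dst_size)
{
    size_t w = 0;
    int in_tag = 0;

    if (dst_size == 0)
        return -1;
    for (size_t i = 0; i < len; i++) {
        char c = src[i];
        if (in_tag) {
            if (c == '>')
                in_tag = 0;
            continue;
        }
        if (c == '<') {
            in_tag = 1;
            continue;
        }
        if (w + 1 >= dst_size)         /* leave room for the terminator */
            return -1;
        dst[w++] = c;
    }
    dst[w] = '\0';
    return (long)w;
}

/* Scratch buffers so callers can inspect results without declaring their own. */
static char g_out[64];
static uint32_t g_size;

int main(void)
{
    /* Constructed inputs: a well-formed tag and an unterminated one. */
    const char good[] = "Hello <i>world</i>";
    const char bad[]  = "Truncated <i";

    printf("size_fits(0x40000000, 8): %d\n", size_fits(0x40000000u, 8u, &g_size));
    printf("cdg_set_palette_entry(16, 1): %d\n", cdg_set_palette_entry(16, 1));
    strip_tags_bounded(good, sizeof good - 1, g_out, sizeof g_out);
    printf("stripped: \"%s\"\n", g_out);
    strip_tags_bounded(bad, sizeof bad - 1, g_out, sizeof g_out);
    printf("stripped (unterminated): \"%s\"\n", g_out);
    return 0;
}
```

The essential difference from the pattern the advisory describes is that strip_tags_bounded never advances past len, so a trailing '<' with no matching '>' ends the loop at the end of the subtitle rather than continuing into adjacent heap memory.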

Solution

Upgrade to VLC Media Player version 1.1.6 or later.

See Also

http://www.nessus.org/u?0c2a0870

http://www.videolan.org/security/sa1007.html

http://www.nessus.org/u?24b9825d

http://www.videolan.org/security/sa1101.html

http://www.videolan.org/developers/vlc-branch/NEWS

Plugin Details

Severity: High

ID: 51772

File Name: vlc_1_1_6.nasl

Version: 1.11

Type: local

Agent: windows

Family: Windows

Published: 1/27/2011

Updated: 8/6/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:videolan:vlc_media_player

Required KB Items: SMB/VLC/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/23/2011

Vulnerability Publication Date: 1/25/2011

Exploitable With

CANVAS (White_Phosphorus)

Reference Information

CVE: CVE-2010-3907, CVE-2011-0021, CVE-2011-0522

BID: 45632, 45927, 46008