VLC Media Player < 1.1.8 Multiple Buffer Overflows

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a media player that is affected by
multiple buffer overflow vulnerabilities.

Description :

The version of VLC media player installed on the remote host is
earlier than 1.1.8. Such versions are reportedly affected by buffer
overflow vulnerabilities when handling specially crafted AMV and NSV
files, which could result in arbitrary code execution.

See also :

http://www.coresecurity.com/content/vlc-vulnerabilities-amv-nsv-files
http://www.videolan.org/vlc/releases/1.1.8.html

Solution :

Upgrade to VLC Media Player version 1.1.8 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 52976 ()

Bugtraq ID: 47012

CVE ID: CVE-2010-3275
CVE-2010-3276

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now