VLC Media Player XSPF Playlist Integer Overflow

This script is Copyright (C) 2011 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a media player that can allow code
execution.

Description :

The version of VLC media player installed on the remote host is 0.8.5
or later and is earlier than 1.1.10. Such versions are affected by an
integer overflow vulnerability that can be exploited by tricking a
user into opening a crafted XSPF playlist file. Exploiting this
vulnerability can lead to application crashes and possibly code
execution.

See also :

http://www.videolan.org/security/sa1104.html
http://www.videolan.org/vlc/releases/1.1.10.html

Solution :

Upgrade to VLC Media Player version 1.1.10 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 55024

Bugtraq ID: 48171

CVE ID: CVE-2011-2194
