This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote Windows host contains a media player that is affected by
The version of VLC media player installed on the remote host is prior
to 2.1.5. It is, therefore, affected by the following
- An error exists in the png_push_read_chunk() function
within the file 'pngpread.c' from the included libpng
library that can allow denial of service attacks.
- A buffer overflow error exists in the
read_server_hello() function within the file
'lib/gnutls_handshake.c' from the included GnuTLS
library that can allow arbitrary code execution or
denial of service. (CVE-2014-3466)
- A heap-based buffer overflow error exists in the
transcode module due to improper validation of
user-supplied input when handling invalid channel
counts. An attacker can exploit this to execute
arbitrary code. (CVE-2014-6440)
See also :
Upgrade to version 2.1.5 or later.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : false