VLC Media Player < 1.1.8 Multiple Buffer Overflows

High Log Correlation Engine Plugin ID 801171


The remote host contains an application that allows arbitrary code execution.


The remote host contains VLC player, a multi-media application.

Versions of VLC media player earlier than 1.1.8 are potentially affected by buffer overflow vulnerabilities when handling specially crafted AMV and NSV files, which could result in arbitrary code execution.


Upgrade to VLC Media Player version 1.1.8 or later.

See Also



Plugin Details

Severity: High

ID: 801171

File Name: 801171.prm

Family: Web Clients

Published: 2011/03/25

Nessus ID: 52976

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Patch Publication Date: 2011/03/23

Vulnerability Publication Date: 2011/03/23

Exploitable With

Metasploit (windows/browser/vlc_amv.rb)

Reference Information

CVE: CVE-2010-3275, CVE-2010-3276

BID: 47012