VLC Media Player < 1.0.2 Multiple Remote Buffer Overflows
High Nessus Plugin ID 41626
SynopsisThe remote Windows host contains an application that is affected by multiple remote buffer overflow vulnerabilities.
DescriptionThe version of VLC media player installed on the remote host is earlier than 1.0.2. Such versions are vulnerable to a stack overflow when parsing MP4, ASF, or AVI files with an overly deep box structure.
If an attacker can trick a user into opening a specially crafted MP4, ASF, or AVI file with the affected application, arbitrary code could be executed subject to the user's privileges.
SolutionUpgrade to VLC Media Player version 1.0.2 or later.