VLC Media Player < 1.0.6 Multiple Vulnerabilities
Severity: High
Nessus Plugin ID: 48760
Synopsis
The remote Windows host contains an application that suffers from multiple vulnerabilities.
Description
The version of VLC media player installed on the remote host is earlier than 1.0.6. Such versions are affected by multiple vulnerabilities:
- A stack-based buffer overflow when handling M3U files with an ftp:// URI handler.
- Heap-based buffer overflow vulnerabilities exist in the A/52, DTS, and MPEG Audio decoders.
- Invalid memory access vulnerabilities exist in the AVI, ASF, Matroska (MKV) demuxers, the XSPF playlist parser, and the ZIP archive decompressor.
- A heap-based buffer overflow vulnerability exists in RTMP access.
If an attacker can trick a user into opening a specially crafted file with the affected application, arbitrary code could be executed subject to the user's privileges.
Solution
Upgrade to VLC Media Player version 1.1.0 or later.
Note that the VLC developers have not released a pre-built version 1.0.6 for Windows, so users are advised to upgrade to the next available version.