VLC Media Player < 1.0.6 Multiple Vulnerabilities

High Nessus Plugin ID 48760


The remote Windows host contains an application that suffers from multiple vulnerabilities.


The version of VLC media player installed on the remote host is earlier than 1.0.6. Such versions are affected by multiple vulnerabilities:

- A stack-based buffer overflow when handling M3U files with an ftp:// URI handler.

- Heap-based buffer overflow vulnerabilities exist in the A/52, DTS, and MPEG Audio decoders.

- Invalid memory access vulnerabilities exist in the AVI, ASF, Matroska (MKV) demuxers, the XSPF playlist parser, and the ZIP archive decompressor.

- A heap-based buffer overflow vulnerability exists in RTMP access.

If an attacker can trick a user into opening a specially crafted file with the affected application, arbitrary code could be executed subject to the user's privileges.


Upgrade to VLC Media Player version 1.1.0 or later.

Note that the VLC developers have not released a pre-built version 1.0.6 for Windows, so users are advised to upgrade to the next available version.

Plugin Details

Severity: High

ID: 48760

File Name: vlc_1_0_6.nasl

Version: $Revision: 1.12 $

Type: local

Agent: windows

Family: Windows

Published: 2010/08/26

Modified: 2016/11/15

Dependencies: 31852

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:U/RC:ND

Vulnerability Information

CPE: cpe:/a:videolan:vlc_media_player

Required KB Items: SMB/VLC/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/04/19

Vulnerability Publication Date: 2010/04/19

Reference Information

CVE: CVE-2010-1441, CVE-2010-1442, CVE-2010-1443, CVE-2010-1444, CVE-2010-1445

BID: 39620, 41398

OSVDB: 63980, 63981, 63982, 63983, 63984, 63985, 63986, 63987, 63988, 67109, 74733, 74734, 74735, 74736, 74737