VLC Media Player < 1.1.9 Multiple Vulnerabilities

High Nessus Plugin ID 53405


The remote Windows host contains a media player that is affected by multiple vulnerabilities.


The version of VLC media player installed on the remote host is earlier than 1.1.9. Such versions are affected by multiple vulnerabilities:

- A heap-based buffer overflow exists in the function 'MP4_ReadBox_skcr' in 'modules/demux/mp4/libmp4.c'.
This issue can be triggered when parsing a malicious MP4 file and can lead to application crashes and possibly arbitrary code execution.

- An unspecified error exists in the third-party libmodplug component included with VLC.


Upgrade to VLC Media Player version 1.1.9 or later.

Plugin Details

Severity: High

ID: 53405

File Name: vlc_1_1_9.nasl

Version: $Revision: 1.5 $

Type: local

Agent: windows

Family: Windows

Published: 2011/04/13

Modified: 2014/11/07

Dependencies: 31852

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:videolan:vlc_media_player

Required KB Items: SMB/VLC/Version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2011/04/09

Vulnerability Publication Date: 2011/04/09

Reference Information

CVE: CVE-2011-1684

BID: 47293

OSVDB: 71705

Secunia: 44022