VLC Media Player XSPF Playlist Integer Overflow
High Nessus Plugin ID 55024
SynopsisThe remote Windows host contains a media player that can allow code execution.
DescriptionThe version of VLC media player installed on the remote host is 0.8.5 or later and is earlier than 1.1.10. Such versions are affected by an integer overflow vulnerability that can be exploited by tricking a user into opening a crafted XSPF playlist file. Exploiting this vulnerability can lead to application crashes and possibly code execution.
SolutionUpgrade to VLC Media Player version 1.1.10 or later.