VLC < 2.0.6 ASF Demuxer Buffer Overflow

Medium Nessus Plugin ID 66216

Synopsis

The remote Windows host contains a media player that is affected by a buffer overflow vulnerability.

Description

The version of VLC media player installed on the remote host is earlier than 2.0.6. It is, therefore, reportedly affected by a buffer overflow vulnerability related to the ASF demuxer plugin.

Solution

Upgrade to VLC version 2.0.6 or later. Alternatively, remove the affected plugin file from VLC's plugins directory.

See Also

http://www.videolan.org/security/sa1302.html

http://www.nessus.org/u?b8052708

http://trac.videolan.org/vlc/ticket/8024

http://www.videolan.org/vlc/releases/2.0.6.html

Plugin Details

Severity: Medium

ID: 66216

File Name: vlc_2_0_6.nasl

Version: 1.3

Type: local

Agent: windows

Family: Windows

Published: 2013/04/25

Updated: 2019/11/27

Dependencies: 31852

Risk Information

Risk Factor: Medium

CVSS Score Source: CVE-2013-1954

CVSS v2.0

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:videolan:vlc_media_player

Required KB Items: SMB/VLC/Version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/01/17

Vulnerability Publication Date: 2013/01/11

Reference Information

CVE: CVE-2013-1954

BID: 57333