VLC Media Player < 1.0.2 Multiple Buffer Overflows (deprecated)
Medium Nessus Network Monitor Plugin ID 5188
SynopsisThe remote host contains an application that is vulnerable to multiple attack vectors.
DescriptionThe version of VLC media player installed on the remote host that is earlier than 1.0.2. Such versions are potentially vulnerable to a stack overflow when parsing a MPF, ASF, or AVI file with an overly deep box structure. If an attacker can trick a user into opening a specially crafted MP4, ASF, or AVI file with the affected application, he may be able to execute arbitrary code subject to the user's privileges.
SolutionUpgrade to VLC Media Player 1.0.2 or later.