VLC Media Player < 1.0.2 Multiple Buffer Overflows (deprecated)

Medium Nessus Network Monitor Plugin ID 5188

Synopsis

The remote host contains an application that is vulnerable to multiple attack vectors.

Description

The version of VLC media player installed on the remote host that is earlier than 1.0.2. Such versions are potentially vulnerable to a stack overflow when parsing a MPF, ASF, or AVI file with an overly deep box structure. If an attacker can trick a user into opening a specially crafted MP4, ASF, or AVI file with the affected application, he may be able to execute arbitrary code subject to the user's privileges.

Solution

Upgrade to VLC Media Player 1.0.2 or later.

See Also

http://www.videolan.org/security/sa0901.html

Plugin Details

Severity: Medium

ID: 5188

Family: Web Clients

Published: 2009/09/25

Modified: 2016/01/19

Dependencies: 1735, 8314

Nessus ID: 41626

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 5.6

Temporal Score: 5.2

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 2009/09/22

Vulnerability Publication Date: 2009/09/17

Reference Information

BID: 36439