VLC Media Player < 1.1.5 Samba Share Access Module Code Execution (deprecated)

Medium Nessus Network Monitor Plugin ID 5710

Synopsis

The remote host contains an application that allows arbitrary code execution.

Description

The remote host contains VLC player, a multimedia application.

Versions of VLC media player earlier than 1.1.5 are potentially affected by a code execution vulnerability. Due to an error in the declaration of code calling conventions, the Samba network share access module is vulnerable to stack smashing, which could lead to arbitrary code execution. Note that this issue only affects VLC for Windows.

Solution

Upgrade to VLC Media Player version 1.1.5 or later.

See Also

http://www.videolan.org/security/sa1006.html

http://shinnai.altervista.org/exploits/SH-008-20101026.html

Plugin Details

Severity: Medium

ID: 5710

File Name: 5710.prm

Family: Web Clients

Published: 2010/11/17

Modified: 2016/01/19

Dependencies: 1735, 8314

Nessus ID: 50650

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSSv3

Base Score: 5.6

Temporal Score: 5.1

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:P/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 2010/11/13

Vulnerability Publication Date: 2010/11/13

Reference Information

BID: 44909