Detections
Analytics
VLC Media Player 0.5.0 to 0.9.5 Stack-Based Buffer Overflows
high Nessus Plugin ID 34730
Synopsis
The remote Windows host contains an application that is affected by multiple buffer overflow vulnerabilities.Description
A version of VLC between 0.5.0 and 0.9.5 is installed on the remote host. Such versions are affected by the following vulnerabilities :- RealText subtitle file (modules\demux\subtitle.c) processing is susceptible to a buffer overflow caused by user-supplied data from a malicious subtitle file being copied into static buffers without proper validation.
- CUE image file (modules\access\vcd\cdrom.c) processing is susceptible to a stack-based buffer overflow because data supplied by the CUE file is supplied as an array index without proper validation.
An attacker may be able to leverage these issues to execute arbitrary code on the remote host by tricking a user into opening a specially crafted video file using the affected application.
Solution
Upgrade to VLC version 0.9.6 or later.See Also
http://www.trapkit.de/advisories/TKADV2008-012.txt
https://www.securityfocus.com/archive/1/498111/30/0/threaded
https://www.securityfocus.com/archive/1/498112/30/0/threaded
http://www.videolan.org/security/sa0810.html
http://permalink.gmane.org/gmane.comp.security.oss.general/1140
Plugin Details
Severity: High
ID: 34730
File Name: vlc_0_9_6.nasl
Version: 1.17
Type: local
Agent: windows
Family: Windows
Published: 11/10/2008
Updated: 11/15/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 7.7
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:videolan:vlc_media_player
Required KB Items: SMB/VLC/Version
Exploit Available: true
Exploit Ease: Exploits are available
Exploitable With
Core Impact
Metasploit (VLC Media Player RealText Subtitle Overflow)
Reference Information
CVE: CVE-2008-5032, CVE-2008-5036
CWE: 119