VLC Media Player 0.5.0 to 0.9.5 Stack-Based Buffer Overflows

high Nessus Plugin ID 34730

Synopsis

The remote Windows host contains an application that is affected by multiple buffer overflow vulnerabilities.

Description

A version of VLC between 0.5.0 and 0.9.5 is installed on the remote host. Such versions are affected by the following vulnerabilities:

- RealText subtitle file (modules\demux\subtitle.c) processing is susceptible to a buffer overflow caused by user-supplied data from a malicious subtitle file being copied into static buffers without proper validation.

- CUE image file (modules\access\vcd\cdrom.c) processing is susceptible to a stack-based buffer overflow because data supplied by the CUE file is used as an array index without proper validation.

An attacker may be able to leverage these issues to execute arbitrary code on the remote host by tricking a user into opening a specially crafted video file using the affected application.

Solution

Upgrade to VLC version 0.9.6 or later.

See Also

http://www.trapkit.de/advisories/TKADV2008-012.txt

https://www.securityfocus.com/archive/1/498111/30/0/threaded

https://www.securityfocus.com/archive/1/498112/30/0/threaded

http://www.videolan.org/security/sa0810.html

http://permalink.gmane.org/gmane.comp.security.oss.general/1140

Plugin Details

Severity: High

ID: 34730

File Name: vlc_0_9_6.nasl

Version: 1.17

Type: local

Agent: windows

Family: Windows

Published: 11/10/2008

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:videolan:vlc_media_player

Required KB Items: SMB/VLC/Version

Exploit Available: true

Exploit Ease: Exploits are available

Exploitable With

Core Impact

Metasploit (VLC Media Player RealText Subtitle Overflow)

Reference Information

CVE: CVE-2008-5032, CVE-2008-5036

BID: 32125, 36403

CWE: 119