Detections
Analytics

VLC Media Player < 2.0.1 Multiple Vulnerabilities

high Nessus Plugin ID 58416

Language:

Synopsis

The remote Windows host contains a media player that is affected by multiple vulnerabilities.

Description

The version of VLC media player installed on the remote host is earlier than 2.0.1. Such versions are affected by multiple vulnerabilities:

 - The function 'MMSOpen' in the MMS access plugin contains a boundary error that can allow a stack-based buffer overflow when maliciously crafted MMS streams are opened. (CVE-2012-1775)

 - The Realrtsp plugin contains an unspecified error that can allow a heap-based buffer overflow when maliciously crafted Real rtsp streams are opened. (CVE-2012-1776)

Solution

Upgrade to VLC Media Player version 2.0.1 or later. Alternatively, remove any affected plugin files from VLC's plugins directory.

See Also

http://www.nessus.org/u?58d31350

http://www.videolan.org/security/sa1201.html

http://www.videolan.org/security/sa1202.html

http://www.videolan.org/vlc/releases/2.0.1.html

http://www.nessus.org/u?d62cd2cc

http://www.nessus.org/u?6d1dc580

http://www.nessus.org/u?22cac0f0

http://www.nessus.org/u?dbc08f65

Plugin Details

Severity: High

ID: 58416

File Name: vlc_2_0_1.nasl

Version: 1.12

Type: local

Agent: windows

Family: Windows

Published: 3/21/2012

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:videolan:vlc_media_player

Required KB Items: SMB/VLC/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/19/2012

Vulnerability Publication Date: 3/19/2012

Exploitable With

Core Impact

Metasploit (VLC MMS Stream Handling Buffer Overflow)

Reference Information

CVE: CVE-2012-1775, CVE-2012-1776

BID: 52550, 53391