VLC Media Player AMV And NSV Data Processing Memory Corruption Vulnerability (Win) Network Vulnerability

Summary

The host is installed with VLC Media Player and is prone to memory corruption vulnerability.

Impact

Successful exploitation could allow attackers to execute arbitrary code by tricking a user into opening a malicious file or visiting a specially crafted web page. Impact Level: Application

Solution

Upgrade to the VLC media player version 1.1.8 or later, For updates refer to http://www.videolan.org/vlc/

Insight

The flaw is caused by a memory corruption error in the 'libdirectx' plugin when processing malformed NSV or AMV data, which allows the attackers to execute arbitrary code.

Affected

VLC media player version prior to 1.1.8 on Windows.

References

http://secunia.com/advisories/43826
http://securitytracker.com/id?1025250
http://www.vupen.com/english/advisories/2011/0759
http://xforce.iss.net/xforce/xfdb/66259

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3275, CVE-2010-3276
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Acrobat Multiple Vulnerabilities - 01 May14 (Mac OS X)
Adobe AIR Multiple Vulnerabilities-01 Dec13 (Mac OS X)
Adobe ExtendedScript Toolkit (ESTK) Insecure Library Loading Vulnerability (Win)
Adobe Air Multiple Vulnerabilities - October 12 (Windows)
Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Windows)

VLC Media Player AMV and NSV Data Processing Memory Corruption vulnerability (Win)

Take action and discover your vulnerabilities