VLC Media Player Buffer Overflow Vulnerability - July 13 (MAC OS X) Network Vulnerability

Summary

This host is installed with VLC Media Player and is prone to buffer overflow vulnerability.

Impact

Successful exploitation could allow attackers to execute arbitrary code or cause denial of service condition in the context of affected application via crafted ASF file.

Solution

Upgrade to VLC media player version 2.0.6 or later, For updates refer to http://www.videolan.org/vlc

Insight

Flaw due to error in 'DemuxPacket()' function in the ASF Demuxer component (modules/demux/asf/asf.c) when parsing ASF files.

Affected

VLC media player version 2.0.5 and prior on MAC OS X

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://secunia.com/advisories/51995
http://www.osvdb.org/89598
http://www.videolan.org/security/sa1302.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-1954
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apple Safari Webcore Webkit 'XSSAuditor.cpp' XSS Vulnerability (Mac OS X)
Adobe Reader Unspecified Vulnerability (Windows)
Apple iTunes Insecure Permissions Privilege Escalation Vulnerability (Mac OS X)
Apple Safari 'background' Remote Denial Of Service Vulnerability
Adobe Flex SDK 'SWF' Files Cross-Site Scripting Vulnerability (Windows)

Take action and discover your vulnerabilities