VLC Media Player '.mkv' Code Execution Vulnerability (Linux) Network Vulnerability

Summary

The host is installed with VLC Media Player and is prone to arbitrary code execution vulnerability.

Impact

Successful exploitation could allow attackers to execute arbitrary code by tricking a user into opening a specially crafted MKV file. Impact Level: Application

Solution

Upgrade to the VLC media player version 1.1.7 or later, For updates refer to http://download.videolan.org/pub/videolan/vlc/

Insight

The flaw is due to an input validation error within the 'MKV_IS_ID' macro in 'modules/demux/mkv/mkv.hpp' of the MKV demuxer, when parsing the MKV file.

Affected

VLC media player version 1.1.6.1 and prior on Linux

References

http://osvdb.org/70698
http://www.securitytracker.com/id?1025018
http://xforce.iss.net/xforce/xfdb/65045

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0531
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Windows)
Adobe AIR Multiple Vulnerabilities-01 Jan15 (Mac OS X)
Adobe Flash Player Code Execution and DoS Vulnerabilities (Linux)
Adobe Acrobat Multiple Vulnerabilities - Mac OS X
Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Linux)

Take action and discover your vulnerabilities