Summary
The host is installed with VLC media player
and is prone to multiple buffer overflow vulnerabilities.
Impact
Successful exploitation will allow
attackers to conduct a denial of service attack or potentially the execution of arbitrary code.
Impact Level: System/Application
Solution
Upgrade to VideoLAN VLC media player
version 1.0.2 or later. For updates refer http://www.videolan.org/
Insight
Multiple flaws are due to overflow conditions
in the,
- ASF_ObjectDumpDebug function within modules/demux/asf/libasf.c script, - AVI_ChunkDumpDebug_level function within modules/demux/avi/libavi.c script, - AVI_ChunkDumpDebug_level function within modules/demux/avi/libavi.c script - MP4_BoxDumpStructure function within modules/demux/mp4/libmp4.c script.
Affected
VideoLAN VLC media player before 1.0.2
on Mac OS X.
Detection
Get the installed version with the help
of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2011-3623 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- CA eTrust PestPatrol Anti-Spyware 'ppctl.dll' ActiveX Control BOF Vulnerability
- Apple QuickTime Multiple Buffer Overflow Vulnerabilities (Windows)
- Adobe Flash Professional JPG Object Processing BOF Vulnerability (Windows)
- Adobe Reader/Acrobat Multiple BOF Vulnerabilities - Jun09 (Win)
- Citrix Provisioning Services SoapServer Buffer Overflow Vulnerability