Summary
The host is installed with VLC media player
and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow
attackers to conduct a denial of service or potentially compromise a user's system.
Impact Level: System/Application
Solution
Upgrade to VideoLAN VLC media player
version 1.0.6 or later. For updates refer http://www.videolan.org/
Insight
Multiple flaws are due to,
- Multiple errors in the A/52 audio decoder, DTS audio decoder, MPEG audio decoder, AVI demuxer, ASF demuxer and Matroska demuxer.
- An error when processing XSPF playlists.
- A use-after-free error when attempting to create a playlist of the contents of a malformed zip archive.
- An error in the RTMP implementation.
Affected
VideoLAN VLC media player before version
1.0.6 on Windows.
Detection
Get the installed version with the help
of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2010-1441, CVE-2010-1442, CVE-2010-1443, CVE-2010-1444, CVE-2010-1445 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Windows)
- Adobe AIR Multiple Vulnerabilities -02 April 13 (Windows)
- Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Mac OS X)
- Adobe AIR Multiple Vulnerabilities-01 Sep14 (Windows)
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Windows)