VLC Media Player 'real_get_rdt_chunk' BOF Vulnerability-02 Jan15 (Mac OS X) Network Vulnerability

Summary

The host is installed with VLC media player and is prone to buffer overflow vulnerability.

Impact

Successful exploitation will allow attacker to execute an arbitrary code within the context of the VLC media player and potentially compromise a user's system. Impact Level: System/Application

Solution

Upgrade to VideoLAN VLC media player version 1.0.1 or later. For updates refer http://www.videolan.org/

Insight

The error exists due to an integer underflow in the 'real_get_rdt_chunk' function within modules/access/rtsp/real.c script.

Affected

VideoLAN VLC media player before 1.0.1 on Mac OS X.

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://packetstormsecurity.com/files/cve/CVE-2010-2062
http://seclists.org/fulldisclosure/2009/Jul/418
http://secunia.com/advisories/36037/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2062
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe Reader 'mailListIsPdf' Buffer Overflow Vulnerability (Linux)
Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Linux)
Becky! Internet Mail Buffer Overflow Vulnerability
Adobe Reader 'XFDF' File Buffer Overflow Vulnerability (Mac OS X)
avast! 'aswRdr.sys' Buffer Overflow Vulnerability

Take action and discover your vulnerabilities