Summary
The host is installed with VLC Media Player and is prone to buffer overflow vulnerability.
Impact
Successful exploitation could allow attackers to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
Impact Level: Application
Solution
Upgrade to the VLC media player version 1.1.11 or later, For updates refer to http://www.videolan.org/
Insight
The flaw is due to missing input validation when allocating memory using certain values from a RealAudio data block within RealMedia (RM) files.
Affected
VLC media player version 1.1.0 to 1.1.10 on Linux.
References
Severity
Classification
-
CVE CVE-2011-2587 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- IrfanView Buffer Overflow Vulnerabilities
- Oracle MySQL 'COM_FIELD_LIST' Command Buffer Overflow Vulnerability
- IrfanView JPEG-2000 Plugin Remote Stack Based Buffer Overflow Vulnerability
- Simple Web Server Connection Header Buffer Overflow Vulnerability
- VLC Media Player Stack Overflow Vulnerability (Win-Mar09)