VLC Media Player TY Processing Buffer Overflow Vulnerability (Win) Network Vulnerability

Summary

This host is installed with VLC Media Player and is prone to Buffer Overflow Vulnerability.

Impact

Successful exploitation allows attackers to execute arbitrary code by tricking a user into opening a specially crafted TY file or can even crash an affected application. Impact Level: Application

Solution

Upgrade to Version 0.9.5, or Apply the available patch from below link, http://git.videolan.org/?p=vlc.git a=commitdiff h=26d92b87bba99b5ea2e17b7eaa39c462d65e9133#patch1 ***** NOTE: Ignore this warning if above mentioned patch is already applied. *****

Insight

The flaw is due to a boundary error while parsing the header of an invalid TY file.

Affected

VLC media player 0.9.0 through 0.9.4 on Windows (Any).

References

http://secunia.com/advisories/32339/
http://www.frsirt.com/english/advisories/2008/2856
http://www.trapkit.de/advisories/TKADV2008-010.txt
http://www.videolan.org/security/sa0809.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-4654, CVE-2008-4686
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

FreeSSHd Remote Denial of Service Vulnerability
Firefox XSL Parsing Vulnerability (Linux)
Epson EventManager 'x-protocol-version' Denial of Service Vulnerability
Adobe Flash Player/Air Multiple Vulnerabilities - August10 (Win)
Adobe Digital Edition Denial of Service Vulnerability (Mac OS X)

Take action and discover your vulnerabilities