VLC Media Player XSPF Playlist Integer Overflow Vulnerability (Windows) Network Vulnerability

Summary

The host is installed with VLC Media Player and is prone integer overflow vulnerability.

Impact

Successful exploitation could allow attackers to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. Impact Level: System/Application

Solution

Upgrade to the VLC media player version 1.1.10 or later, For updates refer to http://download.videolan.org/pub/videolan/vlc/

Insight

The flaw is due to an integer overflow in XSPF playlist file parser, which allows attackers to execute arbitrary code via unspecified vectors.

Affected

VLC media player version 0.8.5 through 1.1.9

References

http://www.videolan.org/security/sa1104.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-2194
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

avast! Multiple Vulnerabilities - Oct09 (Win)
Adobe Air Buffer Overflow Vulnerability (Windows)
ChaSen Buffer Overflow Vulnerability (Linux)
Adobe Flash Professional JPG Object Processing BOF Vulnerability (Windows)
Apple QuickTime Multiple Buffer Overflow Vulnerabilities (Windows)

Take action and discover your vulnerabilities