VLC Media Player XSPF Playlist Memory Corruption Vulnerability (Win) Network Vulnerability

Summary

This host is installed with VLC Media Player and is prone to Memory Corruption Vulnerability.

Impact

Successful exploitation allows attackers to execute arbitrary code by tricking a user into opening a specially crafted XSPF file or even can crash an affected application. Impact Level: Application

Solution

Upgrade to Version 0.9.3 or later, http://www.videolan.org/vlc/

Insight

The flaw exists due to VLC (xspf.c) library does not properly perform bounds checking on an identifier tag from an XSPF file before using it to index an array on the heap.

Affected

VLC media player 0.9.2 and prior Windows (Any).

References

http://secunia.com/advisories/32267/
http://www.coresecurity.com/content/vlc-xspf-memory-corruption
http://www.frsirt.com/english/advisories/2008/2826/products

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-4558
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apple Safari WebKit Property Memory Leak Remote DoS Vulnerability
BadBlue invalid GET DoS
Asterisk T.38 Negotiation Remote Denial Of Service Vulnerability
Firefox XUL Parsing Denial of Service Vulnerability (Win)
Adobe Flash Media Server XML Data Remote Denial of Service Vulnerability

Take action and discover your vulnerabilities