Summary
The host is installed with VLC Media Player and is prone to memory corruption vulnerability.
Impact
Successful exploitation could allow attackers to execute arbitrary code by tricking a user into opening a malicious file or visiting a specially crafted web page.
Impact Level: Application
Solution
Upgrade to the VLC media player version 1.1.8 or later, For updates refer to http://www.videolan.org/vlc/
Insight
The flaw is caused by a memory corruption error in the 'libdirectx' plugin when processing malformed NSV or AMV data, which allows the attackers to execute arbitrary code.
Affected
VLC media player version prior to 1.1.8 on Windows.
References
Severity
Classification
-
CVE CVE-2010-3275, CVE-2010-3276 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Air Multiple Vulnerabilities - December12 (Mac OS X)
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 Feb13 (Windows)
- Adobe ExtendedScript Toolkit (ESTK) Insecure Library Loading Vulnerability (Win)
- Adobe Acrobat Multiple Vulnerabilities April-2012 (Mac OS X)
- Adobe AIR Multiple Vulnerabilities(APSB14-22)-(Windows)