VLC Media Player AMV And NSV Data Processing Memory Corruption Vulnerability (Win) Network Vulnerability

Summary

The host is installed with VLC Media Player and is prone to memory corruption vulnerability.

Impact

Successful exploitation could allow attackers to execute arbitrary code by tricking a user into opening a malicious file or visiting a specially crafted web page. Impact Level: Application

Solution

Upgrade to the VLC media player version 1.1.8 or later, For updates refer to http://www.videolan.org/vlc/

Insight

The flaw is caused by a memory corruption error in the 'libdirectx' plugin when processing malformed NSV or AMV data, which allows the attackers to execute arbitrary code.

Affected

VLC media player version prior to 1.1.8 on Windows.

References

http://secunia.com/advisories/43826
http://securitytracker.com/id?1025250
http://www.vupen.com/english/advisories/2011/0759
http://xforce.iss.net/xforce/xfdb/66259

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3275, CVE-2010-3276

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Air Multiple Vulnerabilities -01 August 12 (Windows)
Aastra IP Telephone Hardcoded Telnet Password Security Bypass Vulnerability
Adobe Acrobat Out-of-bounds Vulnerability Feb15 (Mac OS X)
Adobe Acrobat and Reader Multiple Vulnerabilities -Oct10 (Windows)
Adobe Extension Manager CS5 Insecure Library Loading Vulnerability (Win)

VLC Media Player AMV and NSV Data Processing Memory Corruption vulnerability (Win)

Take action and discover your vulnerabilities