Summary
This host is installed with VLC Media Player and is prone to buffer overflow vulnerability.
Impact
Successful exploitation could allow attackers to execute arbitrary code or cause denial of service condition in the context of affected application via crafted ASF file.
Solution
Upgrade to VLC media player version 2.0.6 or later, For updates refer to http://www.videolan.org/vlc
Insight
Flaw due to error in 'DemuxPacket()' function in the ASF Demuxer component (modules/demux/asf/asf.c) when parsing ASF files.
Affected
VLC media player version 2.0.5 and prior on Windows
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2013-1954 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apple iTunes Multiple Vulnerabilities - Apr10
- Apple Safari 'Webkit' Multiple Vulnerabilities -01 Feb15 (Mac OS X)
- Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Linux)
- Adobe Flash Player Unspecified Cross-Site Scripting Vulnerability June-2011 (Linux)
- Apple Safari Multiple Memory Corruption Vulnerabilities-01 Aug14 (Mac OS X)