Summary
The host has VLC Media Player installed and is prone to an arbitrary code execution vulnerability.
Impact
Successful exploitation could allow attackers to execute arbitrary code by tricking a user into opening a specially crafted MKV file.
Impact Level: Application
Solution
Upgrade to VLC media player version 1.1.7 or later. For updates, refer to http://download.videolan.org/pub/videolan/vlc/
Insight
The flaw is due to an input validation error within the 'MKV_IS_ID' macro in 'modules/demux/mkv/mkv.hpp' of the MKV demuxer when parsing an MKV file.
Affected
VLC media player version 1.1.6.1 and prior on Linux
Severity
Classification
CVE: CVE-2011-0531
CVSS Base Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C