VLC Media Player 'MP4_ReadBox_skcr()' Buffer Overflow Vulnerability (Windows) Network Vulnerability

Summary

The host is installed with VLC Media Player and is prone buffer overflow vulnerability.

Impact

Successful exploitation could allow attackers to execute arbitrary code by tricking a user into opening a malicious file or visiting a specially crafted web page. Impact Level: Application

Solution

Upgrade to the VLC media player version 1.1.9 or later, For updates refer to http://download.videolan.org/pub/videolan/vlc/

Insight

The flaw is caused by a heap corruption error in the 'MP4_ReadBox_skcr()' [modules/demux/mp4/libmp4.c] function when processing malformed MP4 (MPEG-4 Part 14) data.

Affected

VLC media player version prior to 1.1.9 on Windows

References

http://secunia.com/advisories/44022
http://www.vupen.com/english/advisories/2011/0916
http://xforce.iss.net/xforce/xfdb/66664

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1684

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Foxit Reader Multiple Buffer Overflow Vulnerabilities
Simple Web Server Connection Header Buffer Overflow Vulnerability
Novell iManager jclient 'EnteredAttrName' Buffer Overflow Vulnerability
VMCI/HGFS VmWare Code Execution Vulnerability (Win)
Tcptrack Command Line Parsing Heap Based Buffer Overflow Vulnerability

Take action and discover your vulnerabilities