Summary
VLC Media Player is installed on this host and is prone to multiple stack-based buffer overflow vulnerabilities.
Impact
Successful exploitation allows an attacker to execute arbitrary code within the context of the VLC media player, or to crash the affected application, by tricking a user into opening a specially crafted file.
Impact Level: Application
Solution
Upgrade to 0.9.6, or apply the available patches from the links below:
http://git.videolan.org/?p=vlc.git;a=commitdiff;h=e3cef651125701a2e33a8d75b815b3e39681a447
http://git.videolan.org/?p=vlc.git;a=commitdiff;h=5f63f1562d43f32331006c2c1a61742de031b84d
*****
NOTE: Ignore this warning if the above-mentioned patch has already been applied.
*****
Insight
The flaws occur while parsing:
- the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c.
- an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c.
Affected
VLC media player 0.5.0 through 0.9.5 on Windows (Any).
References
Severity
Classification
- CVE: CVE-2008-5032, CVE-2008-5036
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C