Summary
This host is installed with VLC Media Player and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to overflow buffer, cause denial of service or potentially execution of arbitrary code.
Solution
Upgrade to VLC media player version 2.0.5 or later, For updates refer to http://www.videolan.org/vlc
Insight
Multiple flaws due to,
- Error in 'SHAddToRecentDocs()' function.
- Error due to improper validation of user supplied inputs when handling HTML subtitle files.
Affected
VLC media player version 2.0.4 and prior on MAC OS X
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2012-5855, CVE-2013-1868 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Windows)
- Adobe Air and Flash Player Multiple Vulnerabilities August-2011 (Windows)
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 Feb13 (Mac OS X)
- Adobe AIR Multiple Vulnerabilities -01 Feb13 (Linux)
- Adobe Acrobat Multiple Unspecified Vulnerabilities-01 Sep13 (Mac OS X)