Summary
The host is installed with VLC media player
and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow
attackers to conduct a denial of service or potentially compromise a user's system.
Impact Level: System/Application
Solution
Upgrade to VideoLAN VLC media player
version 1.0.6 or later. For updates refer http://www.videolan.org/
Insight
Multiple flaws are due to,
- Multiple errors in the A/52 audio decoder, DTS audio decoder, MPEG audio decoder, AVI demuxer, ASF demuxer and Matroska demuxer.
- An error when processing XSPF playlists.
- A use-after-free error when attempting to create a playlist of the contents of a malformed zip archive.
- An error in the RTMP implementation.
Affected
VideoLAN VLC media player before 1.0.6
on Linux.
Detection
Get the installed version with the help
of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2010-1441, CVE-2010-1442, CVE-2010-1443, CVE-2010-1444, CVE-2010-1445 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe AIR Security Bypass Vulnerability Jan14 (Windows)
- Adobe Air Multiple Vulnerabilities -01 May 13 (Mac OS X)
- Adobe AIR Multiple Vulnerabilities-01 Jan15 (Mac OS X)
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Windows)
- Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Windows