Summary
This host has VLC Media Player installed and is prone to a stack overflow vulnerability.
Impact
Successful exploitation allows the attacker to execute arbitrary code with escalated privileges and cause a stack overflow.
Impact Level: Application
Solution
Upgrade to VLC media player version 1.0 or later.
For updates, refer to http://www.videolan.org/vlc
Insight
The flaw is due to improper boundary checking in status.xml in the web interface, which can be triggered by an overly long request.
Affected
VLC media player 0.9.8a and prior on Linux.
References
Severity
Classification
- CVE: CVE-2009-1045
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Monkey HTTPD Host Header Buffer Overflow Vulnerability
- VLC Media Player '.RM' File BOF Vulnerability (Linux)
- VLC Media Player 'MP4_ReadBox_skcr()' Buffer Overflow Vulnerability (Linux)
- Trend Micro OfficeScan URL Filtering Engine Buffer Overflow Vulnerability
- ScriptFTP 'GETLIST' or 'GETFILE' Commands Remote Buffer Overflow Vulnerability