Buffer overflow : VLC Media Player USF and Text Subtitles Decoders BOF Vulnerabilities (Windows)

Preis/Funktionszusammenfassung | Bestellen | Neue Anfälligkeiten | Vertraulichkeit | Anfälligkeiten Suche

Anfälligkeitssuche		Suche in 61204 CVE Beschreibungen und 32582 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.902341

Kategorie: Buffer overflow

Titel: VLC Media Player USF and Text Subtitles Decoders BOF Vulnerabilities (Windows)

Zusammenfassung: Check for the version of VLC Media Player

Beschreibung:
Overview: The host is installed with VLC Media Player and is prone to buffer
overflow vulnerabilities.

Vulnerability Insight:
The flaws are caused by buffer overflow errors in the 'StripTags()' function
within the USF and Text subtitles decoders 'modules/codec/subtitles/subsdec.c'
and 'modules/codec/subtitles/subsusf.c' when processing malformed data.

Impact:
Successful exploitation could allow attackers to crash an affected application
or execute arbitrary code by convincing a user to open a malicious media file.

Impact Level: Application

Affected Software/OS:
VLC media player version 1.x before 1.1.6-rc

Fix: Upgrade to the VLC media player version 1.1.6-rc or later,
For updates refer to http://download.videolan.org/pub/videolan/vlc/

References:
http://xforce.iss.net/xforce/xfdb/65029
http://www.exploit-db.com/exploits/16108/
http://www.vupen.com/english/advisories/2011/0225

Querverweis: BugTraq ID: 46008
Common Vulnerability Exposure (CVE) ID: CVE-2011-0522
http://www.exploit-db.com/exploits/16108
http://www.openwall.com/lists/oss-security/2011/01/25/7
http://www.openwall.com/lists/oss-security/2011/01/25/9
http://mailman.videolan.org/pipermail/vlc-devel/2011-January/078607.html
http://mailman.videolan.org/pipermail/vlc-devel/2011-January/078614.html
http://www.securityfocus.com/bid/46008
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12414
http://securityreason.com/securityalert/8064
http://www.vupen.com/english/advisories/2011/0225
XForce ISS Database: vlcmediaplayer-usf-bo(65029)
http://xforce.iss.net/xforce/xfdb/65029

Copyright Copyright (c) 2011 SecPod

Dies ist nur einer von 32582 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Registrierung eines neuen Benutzers
Email:

Benutzerkennung:

Passwort:

Bitte schicken Sie mir den monatlichen Newsletter, der mich über die neuesten Services, Verbesserungen und Umfragen informiert.

Bitte schicken Sie mir eine Anfälligkeitstest Benachrichtigung, wenn ein neuer Test hinzugefügt wird.

Datenschutz

Anmeldung für registrierte Benutzer

Benutzerkennung:

Passwort:

Benutzerkennung oder Passwort vergessen?

Email/Benutzerkennung:

Test Kennung:	1.3.6.1.4.1.25623.1.0.902341
Kategorie:	Buffer overflow
Titel:	VLC Media Player USF and Text Subtitles Decoders BOF Vulnerabilities (Windows)
Zusammenfassung:	Check for the version of VLC Media Player
Beschreibung:	Overview: The host is installed with VLC Media Player and is prone to buffer overflow vulnerabilities. Vulnerability Insight: The flaws are caused by buffer overflow errors in the 'StripTags()' function within the USF and Text subtitles decoders 'modules/codec/subtitles/subsdec.c' and 'modules/codec/subtitles/subsusf.c' when processing malformed data. Impact: Successful exploitation could allow attackers to crash an affected application or execute arbitrary code by convincing a user to open a malicious media file. Impact Level: Application Affected Software/OS: VLC media player version 1.x before 1.1.6-rc Fix: Upgrade to the VLC media player version 1.1.6-rc or later, For updates refer to http://download.videolan.org/pub/videolan/vlc/ References: http://xforce.iss.net/xforce/xfdb/65029 http://www.exploit-db.com/exploits/16108/ http://www.vupen.com/english/advisories/2011/0225
Querverweis:	BugTraq ID: 46008 Common Vulnerability Exposure (CVE) ID: CVE-2011-0522 http://www.exploit-db.com/exploits/16108 http://www.openwall.com/lists/oss-security/2011/01/25/7 http://www.openwall.com/lists/oss-security/2011/01/25/9 http://mailman.videolan.org/pipermail/vlc-devel/2011-January/078607.html http://mailman.videolan.org/pipermail/vlc-devel/2011-January/078614.html http://www.securityfocus.com/bid/46008 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12414 http://securityreason.com/securityalert/8064 http://www.vupen.com/english/advisories/2011/0225 XForce ISS Database: vlcmediaplayer-usf-bo(65029) http://xforce.iss.net/xforce/xfdb/65029
Copyright	Copyright (c) 2011 SecPod