Test ID:	1.3.6.1.4.1.25623.1.0.800112
Category:	Denial of Service
Title:	VLC Media Player XSPF Playlist Memory Corruption Vulnerability - Windows
Summary:	VLC Media Player is prone to a memory corruption vulnerability.
Description:	Summary: VLC Media Player is prone to a memory corruption vulnerability. Vulnerability Insight: The flaw exists due to VLC (xspf.c) library does not properly perform bounds checking on an identifier tag from an XSPF file before using it to index an array on the heap. Vulnerability Impact: Successful exploitation allows attackers to execute arbitrary code by tricking a user into opening a specially crafted XSPF file or even can crash an affected application. Affected Software/OS: VLC media player 0.9.2 and prior Windows (Any). Solution: Upgrade to Version 0.9.3 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-4558 BugTraq ID: 31758 http://www.securityfocus.com/bid/31758 Bugtraq: 20081014 CORE-2008-1010: VLC media player XSPF Memory Corruption (Google Search) http://www.securityfocus.com/archive/1/497354/100/0/threaded http://www.exploit-db.com/exploits/6756 http://www.coresecurity.com/content/vlc-xspf-memory-corruption https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14726 http://secunia.com/advisories/32267 http://www.vupen.com/english/advisories/2008/2826 XForce ISS Database: vlc-parsetracknode-code-execution(45869) https://exchange.xforce.ibmcloud.com/vulnerabilities/45869
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.