Denial of Service : VLC Media Player Multiple Stack-Based BOF Vulnerabilities (Nov 2008)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.800132

Categoría: Denial of Service

Título: VLC Media Player Multiple Stack-Based BOF Vulnerabilities (Nov 2008) - Windows

Resumen: VLC Media Player is prone to Multiple Stack-Based Buffer Overflow Vulnerabilities.

Descripción: Summary:
VLC Media Player is prone to Multiple Stack-Based Buffer Overflow Vulnerabilities.

Vulnerability Insight:
The flaws are caused while parsing,

- header of an invalid CUE image file related to modules/access/vcd/cdrom.c.

- an invalid RealText(rt) subtitle file related to the ParseRealText function
in modules/demux/subtitle.c.

Vulnerability Impact:
Successful exploitation allows attackers to execute arbitrary code
within the context of the VLC media player by tricking a user into opening
a specially crafted file or can even crash an affected application.

Affected Software/OS:
VLC media player 0.5.0 through 0.9.5 on Windows (Any).

Solution:
Upgrade to 0.9.6 or later.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-5032
BugTraq ID: 32125
http://www.securityfocus.com/bid/32125
Bugtraq: 20081106 [TKADV2008-012] VLC media player cue Processing Stack Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/498112/100/0/threaded
http://security.gentoo.org/glsa/glsa-200812-24.xml
http://www.trapkit.de/advisories/TKADV2008-012.txt
http://www.openwall.com/lists/oss-security/2008/11/05/5
http://www.openwall.com/lists/oss-security/2008/11/05/4
http://www.openwall.com/lists/oss-security/2008/11/10/13
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14798
http://secunia.com/advisories/32569
http://secunia.com/advisories/33315
XForce ISS Database: vlcmediaplayer-cue-bo(46375)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46375
Common Vulnerability Exposure (CVE) ID: CVE-2008-5036
Bugtraq: 20081106 [TKADV2008-011] VLC media player RealText Processing Stack Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/498111/100/0/threaded
https://www.exploit-db.com/exploits/7051
http://www.trapkit.de/advisories/TKADV2008-011.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14329
XForce ISS Database: vlcmediaplayer-realtext-bo(46376)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46376

Copyright Copyright (C) 2008 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.800132
Categoría:	Denial of Service
Título:	VLC Media Player Multiple Stack-Based BOF Vulnerabilities (Nov 2008) - Windows
Resumen:	VLC Media Player is prone to Multiple Stack-Based Buffer Overflow Vulnerabilities.
Descripción:	Summary: VLC Media Player is prone to Multiple Stack-Based Buffer Overflow Vulnerabilities. Vulnerability Insight: The flaws are caused while parsing, - header of an invalid CUE image file related to modules/access/vcd/cdrom.c. - an invalid RealText(rt) subtitle file related to the ParseRealText function in modules/demux/subtitle.c. Vulnerability Impact: Successful exploitation allows attackers to execute arbitrary code within the context of the VLC media player by tricking a user into opening a specially crafted file or can even crash an affected application. Affected Software/OS: VLC media player 0.5.0 through 0.9.5 on Windows (Any). Solution: Upgrade to 0.9.6 or later. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5032 BugTraq ID: 32125 http://www.securityfocus.com/bid/32125 Bugtraq: 20081106 [TKADV2008-012] VLC media player cue Processing Stack Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/498112/100/0/threaded http://security.gentoo.org/glsa/glsa-200812-24.xml http://www.trapkit.de/advisories/TKADV2008-012.txt http://www.openwall.com/lists/oss-security/2008/11/05/5 http://www.openwall.com/lists/oss-security/2008/11/05/4 http://www.openwall.com/lists/oss-security/2008/11/10/13 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14798 http://secunia.com/advisories/32569 http://secunia.com/advisories/33315 XForce ISS Database: vlcmediaplayer-cue-bo(46375) https://exchange.xforce.ibmcloud.com/vulnerabilities/46375 Common Vulnerability Exposure (CVE) ID: CVE-2008-5036 Bugtraq: 20081106 [TKADV2008-011] VLC media player RealText Processing Stack Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/498111/100/0/threaded https://www.exploit-db.com/exploits/7051 http://www.trapkit.de/advisories/TKADV2008-011.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14329 XForce ISS Database: vlcmediaplayer-realtext-bo(46376) https://exchange.xforce.ibmcloud.com/vulnerabilities/46376
Copyright	Copyright (C) 2008 Greenbone AG