Test ID:	1.3.6.1.4.1.25623.1.0.801784
Category:	Buffer overflow
Title:	VLC Media Player 'MP4_ReadBox_skcr()' Buffer Overflow Vulnerability - Windows
Summary:	VLC Media Player is prone to a buffer overflow vulnerability.
Description:	Summary: VLC Media Player is prone to a buffer overflow vulnerability. Vulnerability Insight: The flaw is caused by a heap corruption error in the 'MP4_ReadBox_skcr()' [modules/demux/mp4/libmp4.c] function when processing malformed MP4 (MPEG-4 Part 14) data. Vulnerability Impact: Successful exploitation could allow attackers to execute arbitrary code by tricking a user into opening a malicious file or visiting a specially crafted web page. Affected Software/OS: VLC media player version prior to 1.1.9 on Windows Solution: Upgrade to the VLC media player version 1.1.9 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1684 BugTraq ID: 47293 http://www.securityfocus.com/bid/47293 Debian Security Information: DSA-2218 (Google Search) http://www.debian.org/security/2011/dsa-2218 http://openwall.com/lists/oss-security/2011/04/11/17 http://openwall.com/lists/oss-security/2011/04/13/14 http://openwall.com/lists/oss-security/2011/04/13/17 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14741 http://securitytracker.com/id?1025373 http://secunia.com/advisories/43890 http://secunia.com/advisories/44022 http://www.vupen.com/english/advisories/2011/0916 http://www.vupen.com/english/advisories/2011/0954 XForce ISS Database: vlcmediaplayer-mp4readboxskcr-bo(66664) https://exchange.xforce.ibmcloud.com/vulnerabilities/66664
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.