VCDQuality Forums
Show all 1 posts from this thread on one page

VCDQuality Forums (http://www.vcdhq.com/forum/index.php)
- Computer and Audio/Video help (http://www.vcdhq.com/forum/forumdisplay.php?forumid=56)
-- VLC Media Player Real Demuxer Integer Overflow Vulnerability (http://www.vcdhq.com/forum/showthread.php?threadid=83339)


Posted by RIP@Youceff on 12-03-2008 08:41 AM:

Exclamation VLC Media Player Real Demuxer Integer Overflow Vulnerability

quote:
VLC Media Player Real Demuxer Integer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA32942

VERIFY ADVISORY:
http://secunia.com/advisories/32942/

CRITICAL:
Highly critical

IMPACT:
DoS, System access

WHERE:
From remote

SOFTWARE:
VLC media player 0.x
http://secunia.com/advisories/product/7788/

DESCRIPTION:
A vulnerability has been reported in VLC Media Player, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an integer overflow within the "ReadRealIndex()" function in modules/demux/real.c. This can be exploited to e.g. cause a heap-based buffer overflow by tricking a user into opening a malicious file.

Successful exploitation may allow the execution of arbitrary code.

The vulnerability is reported in versions 0.9.0 through 0.9.6.

SOLUTION:
Update to version 0.9.7.


All times are GMT. The time now is 10:26 AM.
Show all 1 posts from this thread on one page

Powered by: vBulletin Version 2.3.0
Copyright © Jelsoft Enterprises Limited 2000 - 2002.