RIP@Youceff
Apr 2006
Registered
|
VLC Media Player Real Demuxer Integer Overflow Vulnerability
quote: VLC Media Player Real Demuxer Integer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA32942
VERIFY ADVISORY:
http://secunia.com/advisories/32942/
CRITICAL:
Highly critical
IMPACT:
DoS, System access
WHERE:
From remote
SOFTWARE:
VLC media player 0.x
http://secunia.com/advisories/product/7788/
DESCRIPTION:
A vulnerability has been reported in VLC Media Player, which potentially can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an integer overflow within the "ReadRealIndex()" function in modules/demux/real.c. This can be exploited to e.g. cause a heap-based buffer overflow by tricking a user into opening a malicious file.
Successful exploitation may allow the execution of arbitrary code.
The vulnerability is reported in versions 0.9.0 through 0.9.6.
SOLUTION:
Update to version 0.9.7.
Report this post to a moderator | IP: Logged
|