VLC Media Player MP4 Demuxer Arbitrary Memory Overwrite

ERCOLINO

Secunia Advisory: SA29122
Release Date: 2008-02-27

Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

Software:
VLC media player 0.x

CVE reference: CVE-2008-0984 (Secunia mirror)


Description:
A vulnerability has been reported in VLC Media Player, which can potentially be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the MP4 demuxer (modules/demux/mp4/mp4.c). This can be exploited to overwrite an almost arbitrary memory address via a specially crafted MPEG-4 file.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in version 0.8.6d. Other versions may also be affected.



Solution:
Apply vendor patch.

http://www.videolan.org/patches/vlc-0.8.6-CORE-2008-0130.patch


Security Bulletin
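
On the "Apply vendor patch" step: a `.patch` file is a source-code diff, so it is applied to an unpacked source tree with the `patch` tool and the program is then rebuilt; it is not copied into the installation folder. The script below is an added example, not part of the original thread or the vendor's instructions, that dry-runs a patch to find the right `-p` strip level before applying it. GNU `patch` is assumed, and the tree contents and `fix.patch` are constructed stand-ins (only the file path comes from the advisory).

```shell
#!/bin/sh
# Added example (GNU patch assumed). PATCHFILE must be an absolute path,
# because each function changes into the source tree before running patch.

# Print the first -p strip level (0..2) at which the patch applies cleanly.
# --dry-run changes nothing on disk; -f suppresses interactive prompts and
# stops patch from treating the diff as reversed.
find_strip_level() {
    tree=$1; patchfile=$2
    for p in 0 1 2; do
        if (cd "$tree" && patch --dry-run -f -p"$p" < "$patchfile") >/dev/null 2>&1; then
            echo "$p"
            return 0
        fi
    done
    return 1
}

# Apply the patch only when a dry run succeeded; otherwise leave the tree alone.
apply_patch_checked() {
    tree=$1; patchfile=$2
    level=$(find_strip_level "$tree" "$patchfile") || {
        echo "patch does not apply cleanly to $tree; nothing changed" >&2
        return 1
    }
    (cd "$tree" && patch -f -p"$level" < "$patchfile") >/dev/null
}

# Build a constructed stand-in tree and patch under DIR (not VLC code and
# not the vendor patch; only the file path is taken from the advisory).
make_constructed_tree() {
    mkdir -p "$1/vlc-src/modules/demux/mp4" || return 1
    printf '%s\n' '/* constructed placeholder */' 'int checked = 0;' \
        > "$1/vlc-src/modules/demux/mp4/mp4.c"
    cat > "$1/fix.patch" <<'EOF'
--- a/modules/demux/mp4/mp4.c
+++ b/modules/demux/mp4/mp4.c
@@ -1,2 +1,2 @@
 /* constructed placeholder */
-int checked = 0;
+int checked = 1;
EOF
}
```

Call it as `apply_patch_checked /abs/path/to/source-tree /abs/path/to/file.patch`; a second run on an already patched tree is refused rather than reverse-applied. The 0.8.6e release announced later in this thread lists the MP4 demuxer among its security fixes.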
 
But how is this .patch file used?
Does it go in the installation folder?
 
Thanks Ercolino ;)
One question.... I tried to set up audio recording on the PC (to burn it to disc afterwards), creating a dedicated folder, but it always stays empty.
Who can give me a pointer, telling me step by step what to do?
Thanks in advance to the patient friends. ;)
 
Gingy wrote:
Version 0.8.6e released


VLC media player 0.8.6e, VideoLAN Security 0801 and 0802

2008-02-27

This is a bugfix release. VLC media player 0.8.6d and earlier versions suffer from security vulnerabilities in the Web interface, Subtitle demuxer, Real RTSP demuxer, SDL_image library and MP4 demuxer.
Technical details are available in our advisories: SA-0801 and SA-0802.
The usual collection of assorted changes and improvements can be found here.
This release fully supports Mac OS X 10.3.9 once again.
We strongly recommend all users to update to this new version.

http://www.videolan.org/
 