Secunia Advisory: SA28233
Release Date: 2007-12-25
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Workaround
Software: VLC media player 0.x
Description:
Some vulnerabilities have been discovered in VLC Media Player, which can be exploited by malicious people to compromise a user's system.
1) Boundary errors in the "ParseMicroDvd()", "ParseSSA()", and "ParseVplayer()" functions when handling subtitles can be exploited to cause stack-based buffer overflows.
2) A format string error in the web interface listening on port 8080/tcp (disabled by default) can be exploited via a specially crafted HTTP request with a "Connection" header value containing format specifiers.
Successful exploitation of the vulnerabilities allows execution of arbitrary code.
The vulnerabilities have been confirmed in version 0.8.6d. Other versions may also be affected.
Solution:
Fixed in the SVN repository.
Bollettino di Sicurezza
Release Date: 2007-12-25
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Workaround
Software: VLC media player 0.x
Description:
Some vulnerabilities have been discovered in VLC Media Player, which can be exploited by malicious people to compromise a user's system.
1) Boundary errors in the "ParseMicroDvd()", "ParseSSA()", and "ParseVplayer()" functions when handling subtitles can be exploited to cause stack-based buffer overflows.
2) A format string error in the web interface listening on port 8080/tcp (disabled by default) can be exploited via a specially crafted HTTP request with a "Connection" header value containing format specifiers.
Successful exploitation of the vulnerabilities allows execution of arbitrary code.
The vulnerabilities have been confirmed in version 0.8.6d. Other versions may also be affected.
Solution:
Fixed in the SVN repository.
Bollettino di Sicurezza
