• Non sono ammesse registrazioni con indirizzi email temporanei usa e getta

VLC Media Player Real Demuxer Integer Overflow Vulnerability

ERCOLINO

Membro dello Staff
Amministratore
Registrato
3 Marzo 2003
Messaggi
244.420
Località
Torino
Secunia Advisory: SA32942

Release Date: 2008-12-01


Critical: Highly critical
Impact: DoS
System access
Where: From remote
Solution Status: Vendor Patch

Software: VLC media player 0.x

Description:
A vulnerability has been reported in VLC Media Player, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an integer overflow within the "ReadRealIndex()" function in modules/demux/real.c. This can be exploited to e.g. cause a heap-based buffer overflow by tricking a user into opening a malicious file.

Successful exploitation may allow the execution of arbitrary code.

The vulnerability is reported in versions 0.9.0 through 0.9.6.

Solution:
Update to version 0.9.7.



Bollettino Sicurezza
 
scusa ercolino,
come faccio a passare alla versione 0.9.7 se ancora non c'è??:eusa_think:
 
Indietro
Alto Basso