General : VLC Media Player Subtitle Remote Code Execution Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.811052

Categoría: General

Título: VLC Media Player Subtitle Remote Code Execution Vulnerability - Windows

Resumen: VLC media player is prone to a heap overflow vulnerability.

Descripción: Summary:
VLC media player is prone to a heap overflow vulnerability.

Vulnerability Insight:
The flaw exists due to the poor state of
security in the way media player process subtitle files and the large number
of subtitle formats. There are over 25 subtitle formats in use, each with unique
features and capabilities. Media player often need to parse together multiple
subtitle formats to ensure coverage and provide a better user experience. Like
other, similar situations which involve fragmented software, this results in
numerous distinct vulnerabilities.

Vulnerability Impact:
Successful exploitation will allow remote
attackers to take complete control over any device running them.

Affected Software/OS:
VideoLAN VLC media player before 2.2.5.1 on Windows.

Solution:
Upgrade to VideoLAN VLC media player version
2.2.5.1 or later.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-8313
BugTraq ID: 98633
http://www.securityfocus.com/bid/98633
Debian Security Information: DSA-3899 (Google Search)
http://www.debian.org/security/2017/dsa-3899
https://security.gentoo.org/glsa/201707-10
Common Vulnerability Exposure (CVE) ID: CVE-2017-8312
BugTraq ID: 98631
http://www.securityfocus.com/bid/98631
Common Vulnerability Exposure (CVE) ID: CVE-2017-8311
BugTraq ID: 98634
http://www.securityfocus.com/bid/98634
https://www.exploit-db.com/exploits/44514/
Common Vulnerability Exposure (CVE) ID: CVE-2017-8310
BugTraq ID: 98638
http://www.securityfocus.com/bid/98638

Copyright Copyright (C) 2017 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.811052
Categoría:	General
Título:	VLC Media Player Subtitle Remote Code Execution Vulnerability - Windows
Resumen:	VLC media player is prone to a heap overflow vulnerability.
Descripción:	Summary: VLC media player is prone to a heap overflow vulnerability. Vulnerability Insight: The flaw exists due to the poor state of security in the way media player process subtitle files and the large number of subtitle formats. There are over 25 subtitle formats in use, each with unique features and capabilities. Media player often need to parse together multiple subtitle formats to ensure coverage and provide a better user experience. Like other, similar situations which involve fragmented software, this results in numerous distinct vulnerabilities. Vulnerability Impact: Successful exploitation will allow remote attackers to take complete control over any device running them. Affected Software/OS: VideoLAN VLC media player before 2.2.5.1 on Windows. Solution: Upgrade to VideoLAN VLC media player version 2.2.5.1 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-8313 BugTraq ID: 98633 http://www.securityfocus.com/bid/98633 Debian Security Information: DSA-3899 (Google Search) http://www.debian.org/security/2017/dsa-3899 https://security.gentoo.org/glsa/201707-10 Common Vulnerability Exposure (CVE) ID: CVE-2017-8312 BugTraq ID: 98631 http://www.securityfocus.com/bid/98631 Common Vulnerability Exposure (CVE) ID: CVE-2017-8311 BugTraq ID: 98634 http://www.securityfocus.com/bid/98634 https://www.exploit-db.com/exploits/44514/ Common Vulnerability Exposure (CVE) ID: CVE-2017-8310 BugTraq ID: 98638 http://www.securityfocus.com/bid/98638
Copyright	Copyright (C) 2017 Greenbone AG