CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
97.1%
A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a “bad initialized pointer,” aka a “recursive plugin release vulnerability.”
Vendor | Product | Version | CPE |
---|---|---|---|
videolan | vlc_media_player | 0.8.6 | cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:* |
videolan | vlc_media_player | 0.8.6a | cpe:2.3:a:videolan:vlc_media_player:0.8.6a:*:*:*:*:*:*:* |
videolan | vlc_media_player | 0.8.6b | cpe:2.3:a:videolan:vlc_media_player:0.8.6b:*:*:*:*:*:*:* |
secunia.com/advisories/27878
securityreason.com/securityalert/3420
www.coresecurity.com/?action=item&id=2035
www.securityfocus.com/archive/1/484563/100/0/threaded
www.securityfocus.com/bid/26675
www.videolan.org/sa0703.html
www.vupen.com/english/advisories/2007/4061
exchange.xforce.ibmcloud.com/vulnerabilities/38816
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14280