Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.VLC_0_8_6I.NASL
HistoryJul 15, 2008 - 12:00 a.m.

VLC Media Player < 0.8.6i WAV File Handling Integer Overflow

2008-07-1500:00:00
This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
www.tenable.com
9
JSON

The installed version of VLC media player is affected by an integer overflow vulnerability. By tricking a user into opening a malicious .WAV file, it may be possible to cause a denial of service condition or execute arbitrary code within the context of the affected application.

#
#  (C) Tenable Network Security, Inc.
#


include("compat.inc");

if (description)
{
  script_id(33485);
  script_version("1.10");

  script_cve_id("CVE-2008-2430");
  script_bugtraq_id(30058);

  script_name(english:"VLC Media Player < 0.8.6i WAV File Handling Integer Overflow");
  script_summary(english:"Checks version of VLC");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains an application that is affected by an
integer overflow vulnerability." );
 script_set_attribute(attribute:"description", value:
"The installed version of VLC media player is affected by an integer
overflow vulnerability.  By tricking a user into opening a malicious
.WAV file, it may be possible to cause a denial of service condition
or execute arbitrary code within the context of the affected
application." );
 script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/493849" );
 script_set_attribute(attribute:"see_also", value:"http://wiki.videolan.org/Changelog/0.8.6i" );
 script_set_attribute(attribute:"solution", value:
"Upgrade to VLC Media Player version 0.8.6i or later." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_cwe_id(189);
 script_set_attribute(attribute:"plugin_publication_date", value: "2008/07/15");
 script_cvs_date("Date: 2018/11/15 20:50:29");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:videolan:vlc_media_player");
script_end_attributes();

 
  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");

  script_dependencies("vlc_installed.nasl");
  script_require_keys("SMB/VLC/Version");

  exit(0);
}

include("global_settings.inc");

ver = get_kb_item("SMB/VLC/Version");
if (ver && tolower(ver) =~ "^0\.([0-7]\.|8\.([0-5]|6($|[a-h]$)))")
{
  if (report_verbosity)
  {
    report = string(
      "\n",
      "VLC Media Player version ", ver, " is currently installed on the remote host.\n"
    );
    security_hole(port:get_kb_item("SMB/transport"), extra:report);
  }
  else security_hole(get_kb_item("SMB/transport"));
}
VendorProductVersionCPE
videolanvlc_media_playercpe:/a:videolan:vlc_media_player

Related

securityvulns 2
ubuntucve 1
checkpoint_advisories 1
prion 1
cvelist 1
cve 1
seebug 1
debiancve 1
nessus 2
openvas 4
gentoo 1
osv 1
debian 1
securityvulns
securityvulns
Secunia Research: VLC Media Player WAV Processing Integer Overflow
2008-07-03 00:00:00
VLC Media Player integer overflow
2008-09-09 00:00:00
ubuntucve
ubuntucve
CVE-2008-2430
2008-07-07 00:00:00
checkpoint_advisories
checkpoint_advisories
VideoLAN VLC Media Player WAV Processing Integer Overflow (CVE-2008-2430)
2009-09-24 00:00:00
prion
prion
Integer overflow
2008-07-07 23:41:00
cvelist
cvelist
CVE-2008-2430
2008-07-07 23:00:00
cve
cve
CVE-2008-2430
2008-07-07 23:41:00
seebug
seebug
VLC Media Player WAVζ–‡δ»ΆηΌ“ε†²εŒΊζΊ’ε‡ΊζΌζ΄ž
2008-07-03 00:00:00
debiancve
debiancve
CVE-2008-2430
2008-07-07 23:41:00
nessus
nessus
GLSA-200807-13 : VLC: Multiple vulnerabilities
2008-08-01 00:00:00
Debian DSA-1819-1 : vlc - several vulnerabilities
2009-06-19 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200807-13 (vlc)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200807-13 (vlc)
2008-09-24 00:00:00
Debian: Security Advisory (DSA-1819-1)
2009-06-23 00:00:00
gentoo
gentoo
VLC: Multiple vulnerabilities
2008-07-31 00:00:00
osv
osv
vlc - several vulnerabilities
2009-06-18 00:00:00
debian
debian
[SECURITY] [DSA 1819-1] New vlc packages fix several vulnerabilities
2009-06-18 13:14:01
JSON
Related for VLC_0_8_6I.NASL
securityvulns2ubuntucve1checkpoint_advisories1prion1cvelist1cve1seebug1debiancve1nessus2openvas4gentoo1osv1debian1