Lucene search
This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.VLC_1_1_12.NASLHistoryJul 09, 2020 - 12:00 a.m.
VLC < 1.1.12 DoS
2020-07-0900:00:00
This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.675 Medium
EPSS
Percentile
98.0%
A denial of service (DoS) vulnerability exists in VLC media player before 1.1.12. Allows remote attackers to cause a denial of service (crash) via a long string in an amr file.
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(138341);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/10/25");
script_cve_id("CVE-2012-0904");
script_bugtraq_id(51255);
script_name(english:"VLC < 1.1.12 DoS");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a media player that is affected by denial of service and/or a potential infoleak
vulnerability.");
script_set_attribute(attribute:"description", value:
"A denial of service (DoS) vulnerability exists in VLC media player before 1.1.12. Allows remote
attackers to cause a denial of service (crash) via a long string in an amr file.");
script_set_attribute(attribute:"see_also", value:"https://www.exploit-db.com/exploits/18309");
script_set_attribute(attribute:"solution", value:
"Upgrade to VLC version 1.1.12 or later.");
script_set_attribute(attribute:"agent", value:"all");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-0904");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/04");
script_set_attribute(attribute:"patch_publication_date", value:"2012/01/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/09");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:videolan:vlc_media_player");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("vlc_installed.nasl", "macosx_vlc_installed.nbin");
exit(0);
}
include('vcf.inc');
os = get_kb_item('Host/MacOSX/Version');
if (!isnull(os))
app = 'VLC';
else
app = 'VLC media player';
app_info = vcf::get_app_info(app:app);
constraints = [{'fixed_version':'1.1.12'}];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| videolan | vlc_media_player | cpe:/a:videolan:vlc_media_player |
Related
cve
cve
CVE-2012-0904
2012-01-20 17:55:02
openvas
openvas
VLC Media Player '.amr' File Denial of Service Vulnerability (Windows)
2012-01-23 00:00:00
VLC Media Player '.amr' File Denial of Service Vulnerability - Windows
2012-01-23 00:00:00
prion
prion
Code injection
2012-01-20 17:55:00
cvelist
cvelist
CVE-2012-0904
2012-01-20 17:00:00
debiancve
debiancve
CVE-2012-0904
2012-01-20 17:55:02
nvd
nvd
CVE-2012-0904
2012-01-20 17:55:02
ubuntucve
ubuntucve
CVE-2012-0904
2012-01-20 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.675 Medium
EPSS
Percentile
98.0%
Related for VLC_1_1_12.NASL