nessus | VLC_2_1_4.NASL
This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
Jun 11, 2020 - 12:00 a.m.

VLC < 2.1.4 DoS

www.tenable.com

CVSS2: 4.3 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS: 0.265 Low
Percentile: 96.8%

A denial of service (DoS) vulnerability exists in VLC media player. An unauthenticated, remote attacker can exploit this issue by tricking a user into opening a specially crafted .png file, causing the application to stop responding.

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(137358);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/08/14");

  script_cve_id("CVE-2014-3441");
  script_bugtraq_id(67315);

  script_name(english:"VLC < 2.1.4 DoS");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a media player that is affected by a denial of service vulnerability.");
  script_set_attribute(attribute:"description", value:
"A denial of service (DoS) vulnerability exists in VLC media player. An unauthenticated, remote attacker can exploit 
this issue, by tricking a user into opening a specially crafted .png file, to cause the application to stop responding.");
  # https://packetstormsecurity.com/files/126564/VLC-Player-2.1.3-Memory-Corruption.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fba8d459");
  script_set_attribute(attribute:"solution", value:
"Upgrade to VLC version 2.1.4 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-3441");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/04/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:videolan:vlc_media_player");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("vlc_installed.nasl");
  script_require_keys("SMB/VLC/Version", "installed_sw/VLC media player");

  exit(0);
}

include('vcf.inc');

app_info = vcf::get_app_info(app:'VLC media player', win_local:TRUE);

constraints = [{'fixed_version':'2.1.4'}];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);

| Vendor | Product | Version | CPE |
|---|---|---|---|
| videolan | vlc_media_player | | cpe:/a:videolan:vlc_media_player |
