This host has VLC Media Player installed and is prone to multiple vulnerabilities. The flaws include errors in the 'SHAddToRecentDocs()' function and improper validation of user-supplied input when handling HTML subtitle files. Successful exploitation allows an attacker to overflow a buffer, cause a denial of service, or potentially execute arbitrary code. Affected versions are VLC media player 2.0.4 and prior on Mac OS X. Upgrade to VLC media player version 2.0.5 or later for the fix.
Reporter | Title | Published | Views | Family All 26 |
---|---|---|---|---|
![]() | VLC Media Player Multiple Vulnerabilities - July 13 (Windows) | 16 Jul 2013 00:00 | – | openvas |
![]() | VLC Media Player Multiple Vulnerabilities (Jul 2013) - Windows | 16 Jul 2013 00:00 | – | openvas |
![]() | VLC Media Player Multiple Vulnerabilities (Jul 2013) - Mac OS X | 16 Jul 2013 00:00 | – | openvas |
![]() | Debian: Security Advisory (DSA-2973-1) | 6 Jul 2014 00:00 | – | openvas |
![]() | Debian Security Advisory DSA 2973-1 (vlc - security update) | 7 Jul 2014 00:00 | – | openvas |
![]() | Gentoo Security Advisory GLSA 201411-01 | 29 Sep 2015 00:00 | – | openvas |
![]() | VLC < 2.0.5 Multiple Vulnerabilities | 4 Jan 2013 00:00 | – | nessus |
![]() | Debian DSA-2973-1 : vlc - security update | 9 Jul 2014 00:00 | – | nessus |
![]() | GLSA-201411-01 : VLC: Multiple vulnerabilities | 6 Nov 2014 00:00 | – | nessus |
![]() | CVE-2012-5855 | 10 Jul 2013 19:00 | – | cvelist |
Source | Link |
---|---|
videolan | www.videolan.org/news.html |
xforce | www.xforce.iss.net/xforce/xfdb/79823 |
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_vlc_media_player_mult_vuln_jul13_macosx.nasl 6115 2017-05-12 09:03:25Z teissa $
#
# VLC Media Player Multiple Vulnerabilities - July 13 (MAC OS X)
#
# Authors:
# Arun Kallavi <[email protected]>
#
# Copyright:
# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
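## NVT metadata. When `description` is set the script only registers the
## identifiers, scoring, text tags and dependencies below, then exits before
## any host check is run.
if(description)
{
  script_id(803901);
  script_version("$Revision: 6115 $");
  ## Two CVEs / two Bugtraq ids are reported by this single version check.
  script_cve_id("CVE-2013-1868", "CVE-2012-5855");
  script_bugtraq_id(57079,56405);
  ## CVSS v2 base score and vector recorded for the finding as a whole.
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"$Date: 2017-05-12 11:03:25 +0200 (Fri, 12 May 2017) $");
  script_tag(name:"creation_date", value:"2013-07-16 14:45:11 +0530 (Tue, 16 Jul 2013)");
  script_name("VLC Media Player Multiple Vulnerabilities - July 13 (MAC OS X)");

  ## Multi-line string literals keep their line breaks verbatim, so their
  ## continuation lines are deliberately left unindented.
  tag_summary =
"This host is installed with VLC Media Player and is prone to multiple
vulnerabilities.";

  ## NOTE(review): SHAddToRecentDocs() is a Windows shell API; confirm that
  ## the corresponding CVE really applies to the Mac OS X build before
  ## treating this finding as evidence of it on this platform.
  tag_insight =
"Multiple flaws due to,
- Error in 'SHAddToRecentDocs()' function.
- Error due to improper validation of user supplied inputs when handling
HTML subtitle files.";

  tag_vuldetect =
"Get the installed version with the help of detect NVT and check the version
is vulnerable or not.";

  ## This is the only value of tag_impact that script_tag() ever receives.
  tag_impact =
"Successful exploitation will allow attackers to overflow buffer, cause denial
of service or potentially execution of arbitrary code.";

  tag_affected =
"VLC media player version 2.0.4 and prior on MAC OS X";

  tag_solution =
"Upgrade to VLC media player version 2.0.5 or later,
For updates refer to http://www.videolan.org/vlc";

  script_tag(name : "impact" , value : tag_impact);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "vuldetect" , value : tag_vuldetect);
  script_tag(name : "summary" , value : tag_summary);

  ## NOTE(review): the result rests solely on the version string supplied by
  ## the detection NVT; confirm that "package" is the intended quality-of-
  ## detection type for that source.
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  script_xref(name : "URL" , value : "http://www.videolan.org/news.html");
  script_xref(name : "URL" , value : "http://xforce.iss.net/xforce/xfdb/79823");
  script_copyright("Copyright (c) 2013 Greenbone Networks GmbH");

  ## Information-gathering category; the script relies on the Mac OS X VLC
  ## detection NVT and is gated on the KB key named below (presumably set by
  ## that NVT -- verify against the detection script).
  script_category(ACT_GATHER_INFO);
  script_family("General");
  script_dependencies("gb_vlc_media_player_detect_macosx.nasl");
  script_mandatory_keys("VLC/Media/Player/MacOSX/Version");
  exit(0);
}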
include("version_func.inc");
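## Read the VLC version recorded in the knowledge base (the same key the
## script declares as mandatory); without it there is nothing to evaluate.
vlcVer = get_kb_item("VLC/Media/Player/MacOSX/Version");
if(!vlcVer){
  exit(0);
}

## Versions up to and including 2.0.4 are affected; 2.0.5 carries the fix.
if(version_is_less_equal(version:vlcVer, test_version:"2.0.4"))
{
  ## Put the installed and the fixed version into the finding so it can be
  ## triaged and verified without re-running detection.
  report = report_fixed_ver(installed_version:vlcVer, fixed_version:"2.0.5");
  security_message(port:0, data:report);
  exit(0);
}

## Installed version is above the affected range: signal "checked, not
## vulnerable" instead of ending without a result.
exit(99);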