Lucene search

K

VLC Media Player Multiple Vulnerabilities - July 13 (MAC OS X)

🗓️ 16 Jul 2013 00:00:00Reported by Copyright (c) 2013 Greenbone Networks GmbHType 
openvas
 openvas
🔗 plugins.openvas.org👁 26 Views

This host is installed with VLC Media Player and is prone to multiple vulnerabilities. Flaws include errors in 'SHAddToRecentDocs()' function and improper validation of user supplied inputs when handling HTML subtitle files. Successful exploitation will allow overflow buffer, denial of service, or potentially execution of arbitrary code. Affected version is VLC media player version 2.0.4 and prior on MAC OS X. Upgrade to VLC media player version 2.0.5 or later for the fix

Show more
Related
Refs
Code
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_vlc_media_player_mult_vuln_jul13_macosx.nasl 6115 2017-05-12 09:03:25Z teissa $
#
# VLC Media Player Multiple Vulnerabilities - July 13 (MAC OS X)
#
# Authors:
# Arun Kallavi <[email protected]>
#
# Copyright:
# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_impact = "
  Impact Level: System/Application";

if(description)
{
  script_id(803901);
  script_version("$Revision: 6115 $");
  script_cve_id("CVE-2013-1868", "CVE-2012-5855");
  script_bugtraq_id(57079,56405);
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"$Date: 2017-05-12 11:03:25 +0200 (Fri, 12 May 2017) $");
  script_tag(name:"creation_date", value:"2013-07-16 14:45:11 +0530 (Tue, 16 Jul 2013)");
  script_name("VLC Media Player Multiple Vulnerabilities - July 13 (MAC OS X)");

  tag_summary =
"This host is installed with VLC Media Player and is prone to multiple
vulnerabilities.";

  tag_insight =
"Multiple flaws due to,
 - Error in 'SHAddToRecentDocs()' function.
 - Error due to improper validation of user supplied inputs when handling
   HTML subtitle files.";

  tag_vuldetect =
"Get the installed version with the help of detect NVT and check the version
is vulnerable or not.";

  tag_impact =
"Successful exploitation will allow attackers to overflow buffer, cause denial
of service or potentially execution of arbitrary code.";

  tag_affected =
"VLC media player version 2.0.4 and prior on MAC OS X";

  tag_solution =
"Upgrade to VLC media player version 2.0.5 or later,
For updates refer to http://www.videolan.org/vlc";


  script_tag(name : "impact" , value : tag_impact);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "vuldetect" , value : tag_vuldetect);
  script_tag(name : "summary" , value : tag_summary);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  script_xref(name : "URL" , value : "http://www.videolan.org/news.html");
  script_xref(name : "URL" , value : "http://xforce.iss.net/xforce/xfdb/79823");
  script_copyright("Copyright (c) 2013 Greenbone Networks GmbH");
  script_category(ACT_GATHER_INFO);
  script_family("General");
  script_dependencies("gb_vlc_media_player_detect_macosx.nasl");
  script_mandatory_keys("VLC/Media/Player/MacOSX/Version");
  exit(0);
}


include("version_func.inc");

## Variable Initialization
vlcVer = "";

## Get the version from KB
vlcVer = get_kb_item("VLC/Media/Player/MacOSX/Version");
if(!vlcVer){
  exit(0);
}

## Check for VLC Media Player Version <= 2.0.4
if(version_is_less_equal(version:vlcVer, test_version:"2.0.4"))
{
  security_message(0);
  exit(0);
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo