Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:247793ED4A5F81141085F5CFD69DF3F9
HistoryJun 27, 2011 - 12:00 a.m.

VideoLAN VLC Media Player MKV Demuxer Code Execution

2011-06-2700:00:00
SAINT Corporation
download.saintcorporation.com
27

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.972 High

EPSS

Percentile

99.8%

JSON

Added: 06/27/2011
CVE: CVE-2011-0531
BID: 46060
OSVDB: 70698

Background

VLC media player is a media player supporting various audio and video formats for multiple platforms.

Problem

VideoLan VLC 1.1.6.1 and earlier are vulnerable to a remote code execution vulnerability as a result of insufficient input validation. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted **MKV** (**Matroska** or **WebM**) file.

Resolution

Upgrade to VLC media player 1.1.7 or higher. Patches for some older versions are also available.

References

<http://www.videolan.org/security/sa1102.html&gt;

Limitations

Exploit works on VideoLAN VLC 1.1.0.

The user must open the exploit file on the target with a vulnerable version of VLC.

Platforms

Windows

Related

openvas 11
debiancve 1
nessus 4
debian 2
securityvulns 2
prion 1
saint 3
packetstorm 1
cvelist 1
checkpoint_advisories 1
cve 1
ubuntucve 1
osv 1
gentoo 1
openvas
openvas
Debian Security Advisory DSA 2159-1 (vlc)
2011-03-07 00:00:00
VLC Media Player '.mkv' Code Execution Vulnerability (Linux)
2011-02-23 00:00:00
VLC Media Player '.mkv' Code Execution Vulnerability (Windows)
2011-02-23 00:00:00
debiancve
debiancve
CVE-2011-0531
2011-02-07 21:00:00
nessus
nessus
VLC Media Player < 1.1.7 MKV Input Validation Vulnerability
2011-02-02 00:00:00
Debian DSA-2159-1 : vlc - missing input sanitising
2011-02-11 00:00:00
Debian DSA-2211-1 : vlc - missing input sanitising
2011-04-07 00:00:00
debian
debian
[SECURITY] [DSA 2159-1] vlc security update
2011-02-10 22:49:43
[SECURITY] [DSA 2211-1] vlc security update
2011-04-06 21:51:11
securityvulns
securityvulns
VLC media player memory corruption
2011-02-14 00:00:00
[SECURITY] [DSA 2159-1] vlc security update
2011-02-14 00:00:00
prion
prion
Memory corruption
2011-02-07 21:00:00
saint
saint
VideoLAN VLC Media Player MKV Demuxer Code Execution
2011-06-27 00:00:00
VideoLAN VLC Media Player MKV Demuxer Code Execution
2011-06-27 00:00:00
VideoLAN VLC Media Player MKV Demuxer Code Execution
2011-06-27 00:00:00
packetstorm
packetstorm
VideoLAN VLC MKV Memory Corruption
2011-02-03 00:00:00
cvelist
cvelist
CVE-2011-0531
2011-02-07 20:19:00
checkpoint_advisories
checkpoint_advisories
VideoLAN VLC MKV Memory Corruption (CVE-2011-0531)
2012-04-16 00:00:00
cve
cve
CVE-2011-0531
2011-02-07 21:00:00
ubuntucve
ubuntucve
CVE-2011-0531
2011-02-07 00:00:00
osv
osv
vlc - missing input sanitising
2011-04-06 00:00:00
gentoo
gentoo
VLC: Multiple vulnerabilities
2014-11-05 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.972 High

EPSS

Percentile

99.8%

JSON
Related for SAINT:247793ED4A5F81141085F5CFD69DF3F9
openvas11debiancve1nessus4debian2securityvulns2prion1saint3packetstorm1cvelist1checkpoint_advisories1cve1ubuntucve1osv1gentoo1