SAINT Corporation
SAINT:9B4699B47CBEBC255A4E2F27D16CFE34
Dec 04, 2008 - 12:00 a.m.

VLC media player TY file parse_master buffer overflow

2008-12-04 00:00:00
SAINT Corporation
download.saintcorporation.com

CVSS2: 9.3 High
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.753 High
Percentile: 98.2%

Added: 12/04/2008
CVE: CVE-2008-4654
BID: 31813
OSVDB: 49181

Background

VLC media player is a media player supporting various audio and video formats for multiple platforms.

Problem

A buffer overflow vulnerability in the parse_master function in the Ty demux plugin allows command execution when a user opens a specially crafted TiVo TY media file.

Resolution

Upgrade to VLC media player 0.9.5 or higher.

References

<http://www.videolan.org/security/sa0809.html>
<http://archives.neohapsis.com/archives/bugtraq/2008-10/0155.html>

Limitations

Exploit works on VLC media player 0.9.4 and requires a user to open the exploit file in VLC media player.

Platforms

Windows 2000
Windows XP
