6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.312 Low
EPSS
Percentile
96.9%
Added: 05/26/2011
CVE: CVE-2011-1574
OSVDB: 72143
VideoLAN VLC media player is a media player supporting various audio and video formats for multiple platforms.
VLC media player is vulnerable to a stack buffer overflow because the ReadS3M() function in libmodplug fails to properly sanitize user-supplied input. A remote attack who entices a user to open a specially crafted file in the vulnerable VLC media player could potentially execute arbitrary code.
Upgrade to VLC 1.1.9 or higher.
<http://secunia.com/advisories/44054/>
Exploit runs on VideoLAN VLC media player 1.1.8.
Windows