Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6262

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2007-6262
Last Modified 27 Jan 2012 12:30:29
Published 05 Dec 2007 09:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6262

Summary

A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," aka a "recursive plugin release vulnerability."

Vulnerable Systems

Application

  • Videolan Vlc Media Player 0.8.6

  • Videolan Vlc Media Player 0.8.6a

  • Videolan Vlc Media Player 0.8.6b


References

BID - 26675

XF - vlcmediaplayer-activex-memory-overwrite(38816)

VUPEN - ADV-2007-4061

CONFIRM - http://www.videolan.org/sa0703.html

BUGTRAQ - 20071204 CORE-2007-1004: VLC Activex Bad Pointer Initialization Vulnerability

MISC - http://www.coresecurity.com/?action=item&id=2035

SECUNIA - 27878

SREASON - 3420


Last Updated: 27 May 2016 10:46:26