Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6683

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2007-6683
Last Modified 27 Jan 2012 12:32:05
Published 16 Jan 2008 08:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-6683

Summary

The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability.

Vulnerable Systems

Application

  • Videolan Vlc 0.8.6d


References

CONFIRM - https://trac.videolan.org/vlc/ticket/1371

CONFIRM - https://trac.videolan.org/vlc/changeset/23197

BID - 28712

GENTOO - GLSA-200803-13

DEBIAN - DSA-1543

SECUNIA - 29766

SECUNIA - 29284

OSVDB - 42206

OSVDB - 42205

MLIST - [vlc-devel] 20071226 Regarding "obscure" security problem


Last Updated: 27 May 2016 10:46:36