Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1881

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-1881
Last Modified 27 Jan 2012 12:31:01
Published 17 Apr 2008 07:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1881

Summary

Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681.

Vulnerable Systems

Application

  • Videolan Vlc 0.8.6e


References

XF - vlc-parsessa-bo(41936)

XF - vlcmediaplayer-subtitle-bo(41237)

BID - 28274

BID - 28251

BUGTRAQ - 20080317 VLC highlander bug

MILW0RM - 5250

CONFIRM - http://wiki.videolan.org/Changelog/0.8.6f

GENTOO - GLSA-200804-25

SECUNIA - 29800

SECUNIA - 28233

MISC - http://aluigi.org/adv/vlcboffs-adv.txt

MISC - http://aluigi.altervista.org/adv/vlcboffs-adv.txt


Last Updated: 27 May 2016 10:47:41