Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2147

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2008-2147
Last Modified 10 Sep 2008 09:10:03
Published 12 May 2008 04:20:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-2147

Summary

Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory.

Vulnerable Systems

Application

  • Videolan Vlc 0.4.6

  • Videolan Vlc 0.5.0

  • Videolan Vlc 0.5.1

  • Videolan Vlc 0.5.1a

  • Videolan Vlc 0.5.2

  • Videolan Vlc 0.5.3

  • Videolan Vlc 0.6.0

  • Videolan Vlc 0.6.1

  • Videolan Vlc 0.6.2

  • Videolan Vlc 0.7.0

  • Videolan Vlc 0.7.1

  • Videolan Vlc 0.7.2

  • Videolan Vlc 0.8.0

  • Videolan Vlc 0.8.1

  • Videolan Vlc 0.8.2

  • Videolan Vlc 0.8.4

  • Videolan Vlc 0.8.4a

  • Videolan Vlc 0.8.5

  • Videolan Vlc 0.8.6

  • Videolan Vlc 0.8.6a

  • Videolan Vlc 0.8.6b

  • Videolan Vlc 0.8.6c

  • Videolan Vlc 0.8.6d

  • Videolan Vlc 0.8.6e


References

CONFIRM - http://trac.videolan.org/vlc/ticket/1578

GENTOO - GLSA-200807-13

SECUNIA - 31317

CONFIRM - http://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181

XF - vlc-searchpath-code-execution(42377)


Last Updated: 27 May 2016 10:47:46