Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4558

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-4558
Last Modified 29 Oct 2012 11:17:40
Published 14 Oct 2008 08:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4558

Summary

Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison.

Vulnerable Systems

Application

  • Videolan Vlc Media Player 0.9.2


References

XF - vlc-parsetracknode-code-execution(45869)

VUPEN - ADV-2008-2826

BID - 31758

MISC - http://www.coresecurity.com/content/vlc-xspf-memory-corruption

SECUNIA - 32267

BUGTRAQ - 20081014 CORE-2008-1010: VLC media player XSPF Memory Corruption

MILW0RM - 6756


Last Updated: 27 May 2016 10:49:43