Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5235

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-5235
Last Modified 07 Mar 2011 10:14:13
Published 25 Nov 2008 08:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-5235

Summary

Heap-based buffer overflow in the demux_real_send_chunk function in src/demuxers/demux_real.c in xine-lib before 1.1.15 allows remote attackers to execute arbitrary code via a crafted Real Media file. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Xine 0.9.13

  • Xine 1

  • Xine 1.0

  • Xine 1.0.1

  • Xine 1.0.2

  • Xine 1.0.3a

  • Xine 1.1.0

  • Xine 1.1.1

  • Xine 1.1.10.1

  • Xine 1.1.11

  • Xine 1.1.11.1

  • Xine 1.1.2

  • Xine 1.1.3

  • Xine 1.1.4


References

VUPEN - ADV-2008-2382

BID - 30698

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=619869

SECTRACK - 1020703

SECUNIA - 31502

SUSE - SUSE-SR:2009:004


Last Updated: 27 May 2016 10:48:45