Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2008-5276
Last Modified 27 Jan 2012 12:31:28
Published 03 Dec 2008 12:30:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-5276

Summary

Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.

Vulnerable Systems

Application

  • VideoLAN VLC Media Player 0.9.0
  • VideoLAN VLC Media Player 0.9.1
  • VideoLAN VLC Media Player 0.9.2
  • VideoLAN VLC Media Player 0.9.3
  • VideoLAN VLC Media Player 0.9.4
  • VideoLAN VLC Media Player 0.9.5
  • VideoLAN VLC Media Player 0.9.6
  • VideoLAN VLC Media Player 0.9.7
  • VideoLAN VLC Media Player 0.9.8


References

VUPEN - ADV-2008-3287

CONFIRM - http://www.videolan.org/security/sa0811.html

MISC - http://www.trapkit.de/advisories/TKADV2008-013.txt

BID - 32545

BUGTRAQ - 20081130 [TKADV2008-013] VLC media player RealMedia Processing Integer Overflow Vulnerability

OSVDB - 50333

SREASON - 4680

GENTOO - GLSA-200812-24

SECUNIA - 33315

SECUNIA - 32942

CONFIRM - http://git.videolan.org/?p=vlc.git;a=commitdiff;h=d19de4e9f2211cbe5bde00726b66c47a424f4e07


Last Updated: 27 May 2016 10:48:46