Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2010-2062

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2010-2062
Last Modified 29 Dec 2014 04:03:27
Published 26 Dec 2014 03:59:07
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2010-2062

Summary

Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header.

Vulnerable Systems

Application

  • Videolan Vlc Media Player 0.5.0

  • Videolan Vlc Media Player 0.5.1

  • Videolan Vlc Media Player 0.5.2

  • Videolan Vlc Media Player 0.5.3

  • Videolan Vlc Media Player 0.6.0

  • Videolan Vlc Media Player 0.6.1

  • Videolan Vlc Media Player 0.6.2

  • Videolan Vlc Media Player 0.7.0

  • Videolan Vlc Media Player 0.7.1

  • Videolan Vlc Media Player 0.7.2

  • Videolan Vlc Media Player 0.8.0

  • Videolan Vlc Media Player 0.8.1

  • Videolan Vlc Media Player 0.8.1337

  • Videolan Vlc Media Player 0.8.2

  • Videolan Vlc Media Player 0.8.4

  • Videolan Vlc Media Player 0.8.4a

  • Videolan Vlc Media Player 0.8.5

  • Videolan Vlc Media Player 0.8.6

  • Videolan Vlc Media Player 0.8.6a

  • Videolan Vlc Media Player 0.8.6b

  • Videolan Vlc Media Player 0.8.6c

  • Videolan Vlc Media Player 0.8.6d

  • Videolan Vlc Media Player 0.8.6e

  • Videolan Vlc Media Player 0.8.6f

  • Videolan Vlc Media Player 0.8.6g

  • Videolan Vlc Media Player 0.8.6h

  • Videolan Vlc Media Player 0.8.6i

  • Videolan Vlc Media Player 0.9.0

  • Videolan Vlc Media Player 0.9.1

  • Videolan Vlc Media Player 0.9.10

  • Videolan Vlc Media Player 0.9.2

  • Videolan Vlc Media Player 0.9.3

  • Videolan Vlc Media Player 0.9.4

  • Videolan Vlc Media Player 0.9.5

  • Videolan Vlc Media Player 0.9.6

  • Videolan Vlc Media Player 0.9.8a

  • Videolan Vlc Media Player 0.9.9

  • Videolan Vlc Media Player 0.9.9a

  • Videolan Vlc Media Player 1.0.0


References

MISC - https://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow/

FULLDISC - 20090727 [DZC-2009-001] The Movie Player and VLC Media Player Real Data Transport parsing integer underflow.

MLIST - [oss-security] 20100604 Re: CVE requests for mplayer/vlc and abcm2ps

CONFIRM - http://git.videolan.org/?p=vlc.git;a=commit;h=dc74600c97eb834c08674676e209afa842053aca


Last Updated: 27 May 2016 11:07:22