‫ VLC Media Player HTML Subtitle Parsing Buffer Overflow Vulnerabilities

IRCAD2012122391
ID: IRCAD2012122391
Release Date: 2012-12-28
Criticality level: Highly critical
 
Software:
VLC Media Player 2.x
 
Description:
Some vulnerabilities have been reported in VLC Media Player, which can be exploited by malicious people to compromise a user's system.
The vulnerabilities are caused due to errors when parsing HTML subtitles in modules/codec/subsdec.c and can be exploited to cause buffer overflows via a specially crafted subtitle file.
Successful exploitation may allow execution of arbitrary code.
The vulnerabilities are reported in versions prior to 2.0.5.
 
Solution
Update to version 2.0.5.
 
References:
 
Secunia:

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 9 دی 1391

امتیاز

امتیاز شما
تعداد امتیازها:0