Vulnerabilities > CVE-2008-1489 - Numeric Errors vulnerability in Videolan VLC 0.8.6E
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Kantaris 0.3.4 SSA Subtitle Local Buffer Overflow Exploit. CVE-2007-6681,CVE-2008-0073,CVE-2008-0295,CVE-2008-0296,CVE-2008-0984,CVE-2008-1489,CVE-2008-1769.... |
| id | EDB-ID:5498 |
| last seen | 2016-01-31 |
| modified | 2008-04-25 |
| published | 2008-04-25 |
| reporter | j0rgan |
| source | https://www.exploit-db.com/download/5498/ |
| title | Kantaris 0.3.4 SSA Subtitle Local Buffer Overflow Exploit |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1543.NASL description Luigi Auriemma, Alin Rad Pop, Remi Denis-Courmont, Quovodis, Guido Landi, Felipe Manzano, Anibal Sacco and others discovered multiple vulnerabilities in vlc, an application for playback and streaming of audio and video. In the worst case, these weaknesses permit a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user running vlc. The Common Vulnerabilities and Exposures project identifies the following eight problems : - CVE-2007-6681 A buffer overflow vulnerability in subtitle handling allows an attacker to execute arbitrary code through the opening of a maliciously crafted MicroDVD, SSA or Vplayer file. - CVE-2007-6682 A format string vulnerability in the HTTP-based remote control facility of the vlc application allows a remote, unauthenticated attacker to execute arbitrary code. - CVE-2007-6683 Insecure argument validation allows a remote attacker to overwrite arbitrary files writable by the user running vlc, if a maliciously crafted M3U playlist or MP3 audio file is opened. - CVE-2008-0295, CVE-2008-0296 Heap buffer overflows in RTSP stream and session description protocol (SDP) handling allow an attacker to execute arbitrary code if a maliciously crafted RTSP stream is played. - CVE-2008-0073 Insufficient integer bounds checking in SDP handling allows the execution of arbitrary code through a maliciously crafted SDP stream ID parameter in an RTSP stream. - CVE-2008-0984 Insufficient integrity checking in the MP4 demuxer allows a remote attacker to overwrite arbitrary memory and execute arbitrary code if a maliciously crafted MP4 file is opened. - CVE-2008-1489 An integer overflow vulnerability in MP4 handling allows a remote attacker to cause a heap buffer overflow, inducing a crash and possibly the execution of arbitrary code if a maliciously crafted MP4 file is opened. last seen 2020-06-01 modified 2020-06-02 plugin id 31949 published 2008-04-17 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/31949 title Debian DSA-1543-1 : vlc - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1543. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(31949); script_version("1.18"); script_cvs_date("Date: 2019/08/02 13:32:21"); script_cve_id("CVE-2007-6681", "CVE-2007-6682", "CVE-2007-6683", "CVE-2008-0073", "CVE-2008-0295", "CVE-2008-0296", "CVE-2008-0984", "CVE-2008-1489"); script_xref(name:"DSA", value:"1543"); script_name(english:"Debian DSA-1543-1 : vlc - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Luigi Auriemma, Alin Rad Pop, Remi Denis-Courmont, Quovodis, Guido Landi, Felipe Manzano, Anibal Sacco and others discovered multiple vulnerabilities in vlc, an application for playback and streaming of audio and video. In the worst case, these weaknesses permit a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user running vlc. The Common Vulnerabilities and Exposures project identifies the following eight problems : - CVE-2007-6681 A buffer overflow vulnerability in subtitle handling allows an attacker to execute arbitrary code through the opening of a maliciously crafted MicroDVD, SSA or Vplayer file. - CVE-2007-6682 A format string vulnerability in the HTTP-based remote control facility of the vlc application allows a remote, unauthenticated attacker to execute arbitrary code. - CVE-2007-6683 Insecure argument validation allows a remote attacker to overwrite arbitrary files writable by the user running vlc, if a maliciously crafted M3U playlist or MP3 audio file is opened. - CVE-2008-0295, CVE-2008-0296 Heap buffer overflows in RTSP stream and session description protocol (SDP) handling allow an attacker to execute arbitrary code if a maliciously crafted RTSP stream is played. - CVE-2008-0073 Insufficient integer bounds checking in SDP handling allows the execution of arbitrary code through a maliciously crafted SDP stream ID parameter in an RTSP stream. - CVE-2008-0984 Insufficient integrity checking in the MP4 demuxer allows a remote attacker to overwrite arbitrary memory and execute arbitrary code if a maliciously crafted MP4 file is opened. - CVE-2008-1489 An integer overflow vulnerability in MP4 handling allows a remote attacker to cause a heap buffer overflow, inducing a crash and possibly the execution of arbitrary code if a maliciously crafted MP4 file is opened." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-6681" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-6682" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-6683" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-0295" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-0296" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-0073" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-0984" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-1489" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2008/dsa-1543" ); script_set_attribute( attribute:"solution", value: "Upgrade the vlc packages. For the stable distribution (etch), these problems have been fixed in version 0.8.6-svn20061012.debian-5.1+etch2." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(119, 189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:vlc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0"); script_set_attribute(attribute:"patch_publication_date", value:"2008/04/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/04/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"4.0", prefix:"libvlc0", reference:"0.8.6-svn20061012.debian-5.1+etch2")) flag++; if (deb_check(release:"4.0", prefix:"libvlc0-dev", reference:"0.8.6-svn20061012.debian-5.1+etch2")) flag++; if (deb_check(release:"4.0", prefix:"mozilla-plugin-vlc", reference:"0.8.6-svn20061012.debian-5.1+etch2")) flag++; if (deb_check(release:"4.0", prefix:"vlc", reference:"0.8.6-svn20061012.debian-5.1+etch2")) flag++; if (deb_check(release:"4.0", prefix:"vlc-nox", reference:"0.8.6-svn20061012.debian-5.1+etch2")) flag++; if (deb_check(release:"4.0", prefix:"vlc-plugin-alsa", reference:"0.8.6-svn20061012.debian-5.1+etch2")) flag++; if (deb_check(release:"4.0", prefix:"vlc-plugin-arts", reference:"0.8.6-svn20061012.debian-5.1+etch2")) flag++; if (deb_check(release:"4.0", prefix:"vlc-plugin-esd", reference:"0.8.6-svn20061012.debian-5.1+etch2")) flag++; if (deb_check(release:"4.0", prefix:"vlc-plugin-ggi", reference:"0.8.6-svn20061012.debian-5.1+etch2")) flag++; if (deb_check(release:"4.0", prefix:"vlc-plugin-glide", reference:"0.8.6-svn20061012.debian-5.1+etch2")) flag++; if (deb_check(release:"4.0", prefix:"vlc-plugin-sdl", reference:"0.8.6-svn20061012.debian-5.1+etch2")) flag++; if (deb_check(release:"4.0", prefix:"vlc-plugin-svgalib", reference:"0.8.6-svn20061012.debian-5.1+etch2")) flag++; if (deb_check(release:"4.0", prefix:"wxvlc", reference:"0.8.6-svn20061012.debian-5.1+etch2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Windows NASL id VLC_0_8_6F.NASL description The version of VLC Media Player installed on the remote host reportedly is affected by several security issues : - A subtitle buffer overflow (CVE-2007-6681). - A Real RTSP code execution problem (CVE-2008-0073). - MP4 integer overflows (CVE-2008-1489). - A cinepak integer overflow. last seen 2020-06-01 modified 2020-06-02 plugin id 31853 published 2008-04-11 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31853 title VLC Media Player < 0.8.6f Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(31853); script_version("1.9"); script_cve_id("CVE-2007-6681", "CVE-2008-1489"); script_bugtraq_id(27015, 28433); script_name(english:"VLC Media Player < 0.8.6f Multiple Vulnerabilities"); script_summary(english:"Checks version of VLC"); script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains a media player that is affected by several vulnerabilities." ); script_set_attribute(attribute:"description", value: "The version of VLC Media Player installed on the remote host reportedly is affected by several security issues : - A subtitle buffer overflow (CVE-2007-6681). - A Real RTSP code execution problem (CVE-2008-0073). - MP4 integer overflows (CVE-2008-1489). - A cinepak integer overflow." ); script_set_attribute(attribute:"see_also", value:"http://www.videolan.org/developers/vlc/NEWS" ); script_set_attribute(attribute:"solution", value: "Upgrade to VLC Media Player version 0.8.6f or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(119, 189); script_set_attribute(attribute:"plugin_publication_date", value: "2008/04/11"); script_cvs_date("Date: 2018/08/06 14:03:16"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:videolan:vlc_media_player"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc."); script_dependencies("vlc_installed.nasl"); script_require_keys("SMB/VLC/Version"); exit(0); } include("global_settings.inc"); ver = get_kb_item("SMB/VLC/Version"); if (ver && tolower(ver) =~ "^0\.([0-7]\.|8\.([0-5]|6($|[a-e])))") { if (report_verbosity) { report = string( "\n", "VLC Media Player version ", ver, " is currently installed on the remote host.\n" ); security_hole(port:get_kb_item("SMB/transport"), extra:report); } else security_hole(get_kb_item("SMB/transport")); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200804-25.NASL description The remote host is affected by the vulnerability described in GLSA-200804-25 (VLC: User-assisted execution of arbitrary code) Multiple vulnerabilities were found in VLC: Luigi Auriemma discovered that the stack-based buffer overflow when reading subtitles, which has been reported as CVE-2007-6681 in GLSA 200803-13, was not properly fixed (CVE-2008-1881). Alin Rad Pop of Secunia reported an array indexing vulnerability in the sdpplin_parse() function when processing streams from RTSP servers in Xine code, which is also used in VLC (CVE-2008-0073). Drew Yao and Nico Golde reported an integer overflow in the MP4_ReadBox_rdrf() function in the file libmp4.c leading to a heap-based buffer overflow when reading MP4 files (CVE-2008-1489). Drew Yao also reported integer overflows in the MP4 demuxer, the Real demuxer and in the Cinepak codec, which might lead to buffer overflows (CVE-2008-1768). Drew Yao finally discovered and a boundary error in Cinepak, which might lead to memory corruption (CVE-2008-1769). Impact : A remote attacker could entice a user to open a specially crafted media file or stream, possibly resulting in the remote execution of arbitrary code. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 32045 published 2008-04-25 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/32045 title GLSA-200804-25 : VLC: User-assisted execution of arbitrary code
Oval
| accepted | 2012-11-19T04:00:22.142-05:00 | ||||||||
| class | vulnerability | ||||||||
| contributors |
| ||||||||
| definition_extensions |
| ||||||||
| description | Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984. | ||||||||
| family | windows | ||||||||
| id | oval:org.mitre.oval:def:14841 | ||||||||
| status | accepted | ||||||||
| submitted | 2012-01-24T15:20:33.178-04:00 | ||||||||
| title | Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e | ||||||||
| version | 6 |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 28433 CVE(CAN) ID: CVE-2008-1489 VLC Media Player是一款免费的媒体播放器。 VLC播放器的modules/demux/mp4/libmp4.c文件中的MP4_ReadBox_rdrf()函数存在整数溢出漏洞,如果用户受骗打开的MP4文件中包含有特制的RDRF元素的话,就可能触发堆溢出,导致执行任意指令。 VideoLAN VLC Media Player 0.8.6e Rémi Denis-Courmont (<a href=mailto:[email protected] target=_blank>[email protected]</a>) 链接:<a href=http://secunia.com/advisories/29503/ target=_blank>http://secunia.com/advisories/29503/</a> <a href=http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a target=_blank>http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a</a> |
| id | SSV:3097 |
| last seen | 2017-11-19 |
| modified | 2008-03-27 |
| published | 2008-03-27 |
| reporter | Root |
| title | VLC媒体播放器MP4_ReadBox_rdrf()函数堆溢出漏洞 |
References
- http://secunia.com/advisories/29503
- http://secunia.com/advisories/29503
- http://secunia.com/advisories/29766
- http://secunia.com/advisories/29766
- http://secunia.com/advisories/29800
- http://secunia.com/advisories/29800
- http://security.gentoo.org/glsa/glsa-200804-25.xml
- http://security.gentoo.org/glsa/glsa-200804-25.xml
- http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a
- http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a
- http://wiki.videolan.org/Changelog/0.8.6f
- http://wiki.videolan.org/Changelog/0.8.6f
- http://www.debian.org/security/2008/dsa-1543
- http://www.debian.org/security/2008/dsa-1543
- http://www.securityfocus.com/bid/28433
- http://www.securityfocus.com/bid/28433
- http://www.videolan.org/security/sa0803.php
- http://www.videolan.org/security/sa0803.php
- http://www.vupen.com/english/advisories/2008/0985
- http://www.vupen.com/english/advisories/2008/0985
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41412
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41412
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14841
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14841