Vulnerabilities > CVE-2008-2430 - Numeric Errors vulnerability in Videolan VLC Media Player 0.8.6H
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 | |
| Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Windows NASL id VLC_0_8_6I.NASL description The installed version of VLC media player is affected by an integer overflow vulnerability. By tricking a user into opening a malicious .WAV file, it may be possible to cause a denial of service condition or execute arbitrary code within the context of the affected application. last seen 2020-06-01 modified 2020-06-02 plugin id 33485 published 2008-07-15 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/33485 title VLC Media Player < 0.8.6i WAV File Handling Integer Overflow code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(33485); script_version("1.10"); script_cve_id("CVE-2008-2430"); script_bugtraq_id(30058); script_name(english:"VLC Media Player < 0.8.6i WAV File Handling Integer Overflow"); script_summary(english:"Checks version of VLC"); script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains an application that is affected by an integer overflow vulnerability." ); script_set_attribute(attribute:"description", value: "The installed version of VLC media player is affected by an integer overflow vulnerability. By tricking a user into opening a malicious .WAV file, it may be possible to cause a denial of service condition or execute arbitrary code within the context of the affected application." ); script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/493849" ); script_set_attribute(attribute:"see_also", value:"http://wiki.videolan.org/Changelog/0.8.6i" ); script_set_attribute(attribute:"solution", value: "Upgrade to VLC Media Player version 0.8.6i or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(189); script_set_attribute(attribute:"plugin_publication_date", value: "2008/07/15"); script_cvs_date("Date: 2018/11/15 20:50:29"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:videolan:vlc_media_player"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc."); script_dependencies("vlc_installed.nasl"); script_require_keys("SMB/VLC/Version"); exit(0); } include("global_settings.inc"); ver = get_kb_item("SMB/VLC/Version"); if (ver && tolower(ver) =~ "^0\.([0-7]\.|8\.([0-5]|6($|[a-h]$)))") { if (report_verbosity) { report = string( "\n", "VLC Media Player version ", ver, " is currently installed on the remote host.\n" ); security_hole(port:get_kb_item("SMB/transport"), extra:report); } else security_hole(get_kb_item("SMB/transport")); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1819.NASL description Several vulnerabilities have been discovered in vlc, a multimedia player and streamer. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-1768 Drew Yao discovered that multiple integer overflows in the MP4 demuxer, Real demuxer and Cinepak codec can lead to the execution of arbitrary code. - CVE-2008-1769 Drew Yao discovered that the Cinepak codec is prone to a memory corruption, which can be triggered by a crafted Cinepak file. - CVE-2008-1881 Luigi Auriemma discovered that it is possible to execute arbitrary code via a long subtitle in an SSA file. - CVE-2008-2147 It was discovered that vlc is prone to a search path vulnerability, which allows local users to perform privilege escalations. - CVE-2008-2430 Alin Rad Pop discovered that it is possible to execute arbitrary code when opening a WAV file containing a large fmt chunk. - CVE-2008-3794 Pinar Yanardag discovered that it is possible to execute arbitrary code when opening a crafted mmst link. - CVE-2008-4686 Tobias Klein discovered that it is possible to execute arbitrary code when opening a crafted .ty file. - CVE-2008-5032 Tobias Klein discovered that it is possible to execute arbitrary code when opening an invalid CUE image file with a crafted header. last seen 2020-06-01 modified 2020-06-02 plugin id 39451 published 2009-06-19 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/39451 title Debian DSA-1819-1 : vlc - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1819. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(39451); script_version("1.14"); script_cvs_date("Date: 2019/08/02 13:32:22"); script_cve_id("CVE-2008-1768", "CVE-2008-1769", "CVE-2008-1881", "CVE-2008-2147", "CVE-2008-2430", "CVE-2008-3794", "CVE-2008-4686", "CVE-2008-5032"); script_bugtraq_id(32125); script_xref(name:"DSA", value:"1819"); script_name(english:"Debian DSA-1819-1 : vlc - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been discovered in vlc, a multimedia player and streamer. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-1768 Drew Yao discovered that multiple integer overflows in the MP4 demuxer, Real demuxer and Cinepak codec can lead to the execution of arbitrary code. - CVE-2008-1769 Drew Yao discovered that the Cinepak codec is prone to a memory corruption, which can be triggered by a crafted Cinepak file. - CVE-2008-1881 Luigi Auriemma discovered that it is possible to execute arbitrary code via a long subtitle in an SSA file. - CVE-2008-2147 It was discovered that vlc is prone to a search path vulnerability, which allows local users to perform privilege escalations. - CVE-2008-2430 Alin Rad Pop discovered that it is possible to execute arbitrary code when opening a WAV file containing a large fmt chunk. - CVE-2008-3794 Pinar Yanardag discovered that it is possible to execute arbitrary code when opening a crafted mmst link. - CVE-2008-4686 Tobias Klein discovered that it is possible to execute arbitrary code when opening a crafted .ty file. - CVE-2008-5032 Tobias Klein discovered that it is possible to execute arbitrary code when opening an invalid CUE image file with a crafted header." ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=478140" ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477805" ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=489004" ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496265" ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503118" ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504639" ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480724" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-1768" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-1769" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-1881" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-2147" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-2430" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-3794" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-4686" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-5032" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2009/dsa-1819" ); script_set_attribute( attribute:"solution", value: "Upgrade the vlc packages. For the oldstable distribution (etch), these problems have been fixed in version 0.8.6-svn20061012.debian-5.1+etch3. For the stable distribution (lenny), these problems have been fixed in version 0.8.6.h-4+lenny2, which was already included in the lenny release." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'VLC Media Player RealText Subtitle Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_cwe_id(119, 189, 264, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:vlc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0"); script_set_attribute(attribute:"patch_publication_date", value:"2009/06/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/06/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"4.0", prefix:"libvlc0", reference:"0.8.6-svn20061012.debian-5.1+etch3")) flag++; if (deb_check(release:"4.0", prefix:"libvlc0-dev", reference:"0.8.6-svn20061012.debian-5.1+etch3")) flag++; if (deb_check(release:"4.0", prefix:"mozilla-plugin-vlc", reference:"0.8.6-svn20061012.debian-5.1+etch3")) flag++; if (deb_check(release:"4.0", prefix:"vlc", reference:"0.8.6-svn20061012.debian-5.1+etch3")) flag++; if (deb_check(release:"4.0", prefix:"vlc-nox", reference:"0.8.6-svn20061012.debian-5.1+etch3")) flag++; if (deb_check(release:"4.0", prefix:"vlc-plugin-alsa", reference:"0.8.6-svn20061012.debian-5.1+etch3")) flag++; if (deb_check(release:"4.0", prefix:"vlc-plugin-arts", reference:"0.8.6-svn20061012.debian-5.1+etch3")) flag++; if (deb_check(release:"4.0", prefix:"vlc-plugin-esd", reference:"0.8.6-svn20061012.debian-5.1+etch3")) flag++; if (deb_check(release:"4.0", prefix:"vlc-plugin-ggi", reference:"0.8.6-svn20061012.debian-5.1+etch3")) flag++; if (deb_check(release:"4.0", prefix:"vlc-plugin-glide", reference:"0.8.6-svn20061012.debian-5.1+etch3")) flag++; if (deb_check(release:"4.0", prefix:"vlc-plugin-sdl", reference:"0.8.6-svn20061012.debian-5.1+etch3")) flag++; if (deb_check(release:"4.0", prefix:"vlc-plugin-svgalib", reference:"0.8.6-svn20061012.debian-5.1+etch3")) flag++; if (deb_check(release:"4.0", prefix:"wxvlc", reference:"0.8.6-svn20061012.debian-5.1+etch3")) flag++; if (deb_check(release:"5.0", prefix:"vlc", reference:"0.8.6.h-4+lenny2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200807-13.NASL description The remote host is affected by the vulnerability described in GLSA-200807-13 (VLC: Multiple vulnerabilities) Remi Denis-Courmont reported that VLC loads plugins from the current working directory in an unsafe manner (CVE-2008-2147). Alin Rad Pop (Secunia Research) reported an integer overflow error in the Open() function in the file modules/demux/wav.c (CVE-2008-2430). Impact : A remote attacker could entice a user to open a specially crafted .wav file, and a local attacker could entice a user to run VLC from a directory containing specially crafted modules, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 33779 published 2008-08-01 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/33779 title GLSA-200807-13 : VLC: Multiple vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200807-13. # # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(33779); script_version("1.16"); script_cvs_date("Date: 2019/08/02 13:32:45"); script_cve_id("CVE-2008-2147", "CVE-2008-2430"); script_xref(name:"GLSA", value:"200807-13"); script_name(english:"GLSA-200807-13 : VLC: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200807-13 (VLC: Multiple vulnerabilities) Remi Denis-Courmont reported that VLC loads plugins from the current working directory in an unsafe manner (CVE-2008-2147). Alin Rad Pop (Secunia Research) reported an integer overflow error in the Open() function in the file modules/demux/wav.c (CVE-2008-2430). Impact : A remote attacker could entice a user to open a specially crafted .wav file, and a local attacker could entice a user to run VLC from a directory containing specially crafted modules, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200807-13" ); script_set_attribute( attribute:"solution", value: "All VLC users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=media-video/vlc-0.8.6i'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(189, 264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:vlc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2008/07/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/08/01"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"media-video/vlc", unaffected:make_list("ge 0.8.6i"), vulnerable:make_list("lt 0.8.6i"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "VLC"); }
Oval
accepted 2012-11-19T04:00:11.084-05:00 class vulnerability contributors name Shane Shaffer organization G2, Inc. name Shane Shaffer organization G2, Inc.
definition_extensions comment VLC media player is installed oval oval:org.mitre.oval:def:11821 description Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file. family windows id oval:org.mitre.oval:def:14344 status accepted submitted 2012-01-24T15:20:33.178-04:00 title Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows version 6 accepted 2012-11-19T04:00:18.239-05:00 class vulnerability contributors name Shane Shaffer organization G2, Inc. name Shane Shaffer organization G2, Inc. name Maria Kedovskaya organization ALTX-SOFT
definition_extensions comment VLC media player is installed oval oval:org.mitre.oval:def:11821 description Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file. family windows id oval:org.mitre.oval:def:14769 status deprecated submitted 2012-01-24T15:20:33.178-04:00 title DEPRECATED: Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 version 8
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 30058 CVE ID:CVE-2008-2430 CNCVE ID:CNCVE-20082430 VLC media player是一款流行的媒体播放器。 VLC media player处理WAV文件存在缓冲区溢出,远程攻击者可以利用漏洞以应用程序权限执行任意指令。 modules/demux/wav.c文件中的"Open()"函数存在一个整数溢出,构建包含超大"fmt"块的WAV文件,诱使用户访问,可触发基于堆的溢出,可能以应用程序权限执行任意指令。 VideoLAN VLC media player 0.8.6 h 升级程序: VideoLAN VLC media player 0.8.6 h * VideoLAN Changeset 3de60bf5b886ad81d7c05d68dff7a1ba461c0ac1 <a href=https://trac.videolan.org/vlc/changeset/3de60bf5b886ad81d7c05d68dff7a1 target=_blank>https://trac.videolan.org/vlc/changeset/3de60bf5b886ad81d7c05d68dff7a1</a> ba461c0ac1 |
| id | SSV:3535 |
| last seen | 2017-11-19 |
| modified | 2008-07-03 |
| published | 2008-07-03 |
| reporter | Root |
| title | VLC Media Player WAV文件缓冲区溢出漏洞 |
References
- http://secunia.com/secunia_research/2008-29/advisory/
- http://www.videolan.org/developers/vlc/NEWS
- http://secunia.com/advisories/30601
- http://www.securitytracker.com/id?1020429
- http://security.gentoo.org/glsa/glsa-200807-13.xml
- http://secunia.com/advisories/31317
- http://www.securityfocus.com/bid/30058
- http://securityreason.com/securityalert/3976
- http://www.vupen.com/english/advisories/2008/1995/references
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14769
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14344
- http://www.securityfocus.com/archive/1/493849/100/0/threaded