CVE-2008-3732 - Numeric Errors vulnerability in VideoLAN VLC Media Player 0.8.6i
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | VLC 0.8.6i tta File Parsing Heap Overflow PoC. CVE-2008-3732. Dos exploits for multiple platform |
file | exploits/multiple/dos/6252.txt |
id | EDB-ID:6252 |
last seen | 2016-02-01 |
modified | 2008-08-16 |
platform | multiple |
port | |
published | 2008-08-16 |
reporter | g_ |
source | https://www.exploit-db.com/download/6252/ |
title | VLC 0.8.6i - .tta File Parsing Heap Overflow PoC |
type | dos |
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200809-06.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200809-06 (VLC: Multiple vulnerabilities) g_ reported the following vulnerabilities: An integer overflow leading to a heap-based buffer overflow in the Open() function in modules/demux/tta.c (CVE-2008-3732). A signedness error leading to a stack-based buffer overflow in the mms_ReceiveCommand() function in modules/access/mms/mmstu.c (CVE-2008-3794). Impact : A remote attacker could entice a user to open a specially crafted file, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 34105 |
published | 2008-09-08 |
reporter | This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/34105 |
title | GLSA-200809-06 : VLC: Multiple vulnerabilities |
code | |
Oval
accepted | 2012-11-19T04:00:13.735-05:00 |
class | vulnerability |
contributors | |
definition_extensions | |
description | Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. |
family | windows |
id | oval:org.mitre.oval:def:14570 |
status | accepted |
submitted | 2012-01-24T15:20:33.178-04:00 |
title | Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i |
version | 7 |
References
- http://secunia.com/advisories/31512
- http://security.gentoo.org/glsa/glsa-200809-06.xml
- http://securityreason.com/securityalert/4170
- http://www.orange-bat.com/adv/2008/adv.08.16.txt
- http://www.securityfocus.com/bid/30718
- http://www.vupen.com/english/advisories/2008/2394
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44510
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14570
- https://www.exploit-db.com/exploits/6252