Vulnerabilities > CVE-2008-4558 - Resource Management Errors vulnerability in Videolan VLC Media Player 0.9.2
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | VLC 0.9.2 Media Player XSPF Memory Corruption Vulnerability. CVE-2008-4558. Dos exploit for windows platform |
file | exploits/windows/dos/6756.txt |
id | EDB-ID:6756 |
last seen | 2016-02-01 |
modified | 2008-10-14 |
platform | windows |
port | |
published | 2008-10-14 |
reporter | Core Security |
source | https://www.exploit-db.com/download/6756/ |
title | VLC 0.9.2 Media Player XSPF Memory Corruption Vulnerability |
type | dos |
Nessus
NASL family | Windows |
NASL id | VLC_0_9_3.NASL |
description | The version of VLC media player installed on the remote host is earlier than 0.9.3. Such versions do not properly bounds-check an identifier tag in XSPF files in the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 34400 |
published | 2008-10-15 |
reporter | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/34400 |
title | VLC Media Player < 0.9.3 XSPF Playlist Handling Memory Corruption |
code |
|
Oval
accepted | 2012-11-19T04:00:16.969-05:00 | ||||||||
class | vulnerability | ||||||||
contributors |
| ||||||||
definition_extensions |
| ||||||||
description | Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison. | ||||||||
family | windows | ||||||||
id | oval:org.mitre.oval:def:14726 | ||||||||
status | accepted | ||||||||
submitted | 2012-01-24T15:20:33.178-04:00 | ||||||||
title | Array index error in VLC media player 0.9.2 | ||||||||
version | 6 |
References
- http://secunia.com/advisories/32267
- http://www.coresecurity.com/content/vlc-xspf-memory-corruption
- http://www.exploit-db.com/exploits/6756
- http://www.securityfocus.com/archive/1/497354/100/0/threaded
- http://www.securityfocus.com/bid/31758
- http://www.vupen.com/english/advisories/2008/2826
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45869
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14726