Vulnerabilities > CVE-2018-11529 - Use After Free vulnerability in multiple products

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
debian
videolan
CWE-416
nessus
exploit available
metasploit

Summary

VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.

Vulnerable Configurations

Part Description Count
OS
Debian
1
Application
Videolan
127

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionVLC Media Player - MKV Use-After-Free (Metasploit). CVE-2018-11529. Local exploit for Windows platform. Tags: Metasploit Framework (MSF), Local
fileexploits/windows/local/45626.rb
idEDB-ID:45626
last seen2018-11-27
modified2018-10-16
platformwindows
port
published2018-10-16
reporterExploit-DB
sourcehttps://old.exploit-db.com/download/45626/
titleVLC Media Player - MKV Use-After-Free (Metasploit)
typelocal

Metasploit

descriptionThis module exploits a use after free vulnerability in VideoLAN VLC =< 2.2.8. The vulnerability exists in the parsing of MKV files and affects both 32 bits and 64 bits. In order to exploit this, this module will generate two files: The first .mkv file contains the main vulnerability and heap spray, the second .mkv file is required in order to take the vulnerable code path and should be placed under the same directory as the .mkv file. This module has been tested against VLC v2.2.8. Tested with payloads windows/exec, windows/x64/exec, windows/shell/reverse_tcp, windows/x64/shell/reverse_tcp. Meterpreter payloads if used can cause the application to crash instead.
idMSF:EXPLOIT/WINDOWS/FILEFORMAT/VLC_MKV
last seen2020-06-13
modified2018-10-10
published2018-07-18
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/fileformat/vlc_mkv.rb
titleVLC Media Player MKV Use After Free

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4251.NASL
    descriptionA use-after-free was discovered in the MP4 demuxer of the VLC media player, which could result in the execution of arbitrary code if a malformed media file is played.
    last seen2020-06-01
    modified2020-06-02
    plugin id111174
    published2018-07-20
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111174
    titleDebian DSA-4251-1 : vlc - security update
  • NASL familyWindows
    NASL idVLC_2_2_8.NASL
    descriptionThe version of VLC media player installed on the remote host is equal or prior to 2.2.8. It is, therefore, affected by a use-after-free vulnerability. An attacker could leverage this vulnerability to cause a denial of service or potentially execute arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id112216
    published2018-08-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112216
    titleVLC Media Player <= 2.2.8 Use-After-Free RCE
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_DC57AD48ECBB439BA4D05869BE47684E.NASL
    descriptionMitre reports : VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.
    last seen2020-06-01
    modified2020-06-02
    plugin id111224
    published2018-07-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111224
    titleFreeBSD : vlc -- Use after free vulnerability (dc57ad48-ecbb-439b-a4d0-5869be47684e)

Packetstorm

Seebug

bulletinFamilyexploit
idSSV:97416
last seen2018-07-11
modified2018-07-11
published2018-07-11
reporterKnownsec
sourcehttps://www.seebug.org/vuldb/ssvid-97416
titleVLC media player 2.2.8 Arbitrary Code Execution PoC(CVE-2018-11529)