CVE-2018-11529 - Use After Free vulnerability in multiple products
Attack vector | ADJACENT_NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Summary
VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
description | VLC Media Player - MKV Use-After-Free (Metasploit). CVE-2018-11529. Local exploit for Windows platform. Tags: Metasploit Framework (MSF), Local |
file | exploits/windows/local/45626.rb |
id | EDB-ID:45626 |
last seen | 2018-11-27 |
modified | 2018-10-16 |
platform | windows |
port | |
published | 2018-10-16 |
reporter | Exploit-DB |
source | https://old.exploit-db.com/download/45626/ |
title | VLC Media Player - MKV Use-After-Free (Metasploit) |
type | local |
Metasploit
description | This module exploits a use after free vulnerability in VideoLAN VLC =< 2.2.8. The vulnerability exists in the parsing of MKV files and affects both 32 bits and 64 bits. In order to exploit this, this module will generate two files: The first .mkv file contains the main vulnerability and heap spray, the second .mkv file is required in order to take the vulnerable code path and should be placed under the same directory as the .mkv file. This module has been tested against VLC v2.2.8. Tested with payloads windows/exec, windows/x64/exec, windows/shell/reverse_tcp, windows/x64/shell/reverse_tcp. Meterpreter payloads if used can cause the application to crash instead. |
id | MSF:EXPLOIT/WINDOWS/FILEFORMAT/VLC_MKV |
last seen | 2020-06-13 |
modified | 2018-10-10 |
published | 2018-07-18 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/fileformat/vlc_mkv.rb |
title | VLC Media Player MKV Use After Free |
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-4251.NASL |
description | A use-after-free was discovered in the MP4 demuxer of the VLC media player, which could result in the execution of arbitrary code if a malformed media file is played. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 111174 |
published | 2018-07-20 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/111174 |
title | Debian DSA-4251-1 : vlc - security update |

NASL family | Windows |
NASL id | VLC_2_2_8.NASL |
description | The version of VLC media player installed on the remote host is equal or prior to 2.2.8. It is, therefore, affected by a use-after-free vulnerability. An attacker could leverage this vulnerability to cause a denial of service or potentially execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 112216 |
published | 2018-08-31 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/112216 |
title | VLC Media Player <= 2.2.8 Use-After-Free RCE |

NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_DC57AD48ECBB439BA4D05869BE47684E.NASL |
description | Mitre reports : VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 111224 |
published | 2018-07-23 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/111224 |
title | FreeBSD : vlc -- Use after free vulnerability (dc57ad48-ecbb-439b-a4d0-5869be47684e) |
Packetstorm
data source | https://packetstormsecurity.com/files/download/149759/vlc_mkv.rb.txt |
id | PACKETSTORM:149759 |
last seen | 2018-10-11 |
published | 2018-10-11 |
reporter | Eugene NG |
source | https://packetstormsecurity.com/files/149759/VLC-Media-Player-2.2.8-MKV-Use-After-Free.html |
title | VLC Media Player 2.2.8 MKV Use-After-Free |

data source | https://packetstormsecurity.com/files/download/148471/vlc228-exec.txt |
id | PACKETSTORM:148471 |
last seen | 2018-07-11 |
published | 2018-07-10 |
reporter | Eugene NG |
source | https://packetstormsecurity.com/files/148471/VLC-Media-Player-2.2.8-Arbitrary-Code-Execution.html |
title | VLC Media Player 2.2.8 Arbitrary Code Execution |
Seebug
bulletinFamily | exploit |
id | SSV:97416 |
last seen | 2018-07-11 |
modified | 2018-07-11 |
published | 2018-07-11 |
reporter | Knownsec |
source | https://www.seebug.org/vuldb/ssvid-97416 |
title | VLC media player 2.2.8 Arbitrary Code Execution PoC(CVE-2018-11529) |
References
- http://seclists.org/fulldisclosure/2018/Jul/28
- http://www.securitytracker.com/id/1041311
- https://www.debian.org/security/2018/dsa-4251
- https://www.exploit-db.com/exploits/45626/