CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Percentile: 99.8%
Added: 12/01/2008
CVE: CVE-2008-5036
BID: 32125
OSVDB: 49809
VLC media player is a media player supporting various audio and video formats for multiple platforms.
A buffer overflow vulnerability in the ParseRealText function allows command execution when a user opens a media file that references a specially crafted RealText subtitle file.
Upgrade to VLC media player 0.9.6 or higher.
<http://www.videolan.org/security/sa0810.html>
The exploit works with VLC media player 0.9.4 and requires a user to download and save the MOV and RT files in the same directory and then open the MOV file in VLC.
Windows 2000
Windows XP