Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:D505716659D7BAD66BE2DC93D44734CC
HistoryMay 09, 2012 - 12:00 a.m.

VideoLAN VLC Media Player MMS URI Stack Overflow

2012-05-0900:00:00
SAINT Corporation
my.saintcorporation.com
35

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.965

Percentile

99.6%

JSON

Added: 05/09/2012
CVE: CVE-2012-1775
BID: 53391
OSVDB: 80188

Background

VLC media player is a media player supporting various audio and video formats for multiple platforms.

Problem

VLC Player versions 2.0.0 and lower do not properly validate the hostname when accessing MMS URIs. An overly long hostname may trigger a stack overflow. If a user were to view a malicious web page that contained a specially crafted MMS URI, it could allow an attacker to gain execution privileges on the user’s system.

Resolution

Upgrade to VLC 2.0.1 or later.

References

<http://www.videolan.org/security/sa1201.html&gt;

Limitations

This exploit has been tested against VideoLAN VLC Media Player 2.0.0 on Windows XP SP3 English (DEP OptIn), using Internet Explorer 7.

Platforms

Windows

Related

seebug 1
ubuntucve 1
saint 3
nvd 1
checkpoint_advisories 2
debiancve 1
packetstorm 1
metasploit 1
cve 1
exploitdb 1
prion 1
cvelist 1
zdt 1
openvas 9
nessus 5
freebsd 1
gentoo 1
seebug
seebug
VLC Media Player MMSζ΅ζ ˆηΌ“ε†²εŒΊζΊ’ε‡ΊζΌζ΄ž
2012-05-09 00:00:00
ubuntucve
ubuntucve
CVE-2012-1775
2012-03-19 00:00:00
saint
saint
VideoLAN VLC Media Player MMS URI Stack Overflow
2012-05-09 00:00:00
VideoLAN VLC Media Player MMS URI Stack Overflow
2012-05-09 00:00:00
VideoLAN VLC Media Player MMS URI Stack Overflow
2012-05-09 00:00:00
nvd
nvd
CVE-2012-1775
2012-03-19 16:55:01
checkpoint_advisories
checkpoint_advisories
VideoLAN VLC Media Player MMS Plugin Stack Buffer Overflow (CVE-2012-1775)
2012-07-30 00:00:00
VideoLAN VLC Media Player MMS Plugin Stack Buffer Overflow - ver 2 (CVE-2012-1775)
2014-04-10 00:00:00
debiancve
debiancve
CVE-2012-1775
2012-03-19 16:55:01
packetstorm
packetstorm
VLC MMS Stream Handling Buffer Overflow
2012-05-03 00:00:00
metasploit
metasploit
VLC MMS Stream Handling Buffer Overflow
2012-05-01 14:39:30
cve
cve
CVE-2012-1775
2012-03-19 16:55:01
exploitdb
exploitdb
VideoLAN VLC Media Player 2.0.0 - Mms Stream Handling Buffer Overflow (Metasploit)
2012-05-03 00:00:00
prion
prion
Stack overflow
2012-03-19 16:55:00
cvelist
cvelist
CVE-2012-1775
2012-03-19 16:00:00
zdt
zdt
VLC MMS Stream Handling Buffer Overflow
2012-05-03 00:00:00
openvas
openvas
FreeBSD Ports: vlc
2012-09-15 00:00:00
VLC Media Player Multiple Vulnerabilities (Mar 2012) - Linux
2012-03-21 00:00:00
VLC Media Player Multiple Vulnerabilities (Mar 2012) - Mac OS X
2012-03-21 00:00:00
nessus
nessus
VLC Media Player < 2.0.1 Multiple RCE
2012-03-21 00:00:00
VLC Media Player < 2.0.1 Multiple Vulnerabilities
2012-03-21 00:00:00
VLC Media Player < 2.0.1 Multiple Code Execution Vulnerabilities
2012-03-21 00:00:00
freebsd
freebsd
vlc -- arbitrary code execution in Real RTSP and MMS support
2012-03-12 00:00:00
gentoo
gentoo
VLC: Multiple vulnerabilities
2014-11-05 00:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.965

Percentile

99.6%

JSON
Related for SAINT:D505716659D7BAD66BE2DC93D44734CC
seebug1ubuntucve1saint3nvd1checkpoint_advisories2debiancve1packetstorm1metasploit1cve1exploitdb1prion1cvelist1zdt1openvas9nessus5freebsd1gentoo1