FrSIRT - VideoLAN VLC Remote Buffer Overflow and Format String Vulnerabilities / Exploit (Security Advisories)

French Security Incident Response Team

French

English

VideoLAN VLC Remote Buffer Overflow and Format String Vulnerabilities

Title : VideoLAN VLC Remote Buffer Overflow and Format String Vulnerabilities
Advisory ID : FrSIRT/ADV-2007-4308
CVE ID : CVE-2007-6681 - CVE-2007-6682 - CVE-2008-1881
Rated as : Critical

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-12-26

Advisory Details

Description

Affected Products

Solution

References

Technical Description

Multiple vulnerabilities have been identified in VideoLAN VLC Media Player, which could be exploited by remote attackers to cause a denial of service or compromise a vulnerable system.

The first issue is caused by buffer overflow errors in the "ParseMicroDvd()", "ParseSSA()" and "ParseVplayer()" [modules/demux/subtitle.c] functions when handling subtitles, which could be exploited by attackers to crash a vulnerable application or execute arbitrary code.

The second vulnerability is caused by a format string error in the web interface when processing the "Connection" parameter via the "httpd_FileCallBack()" [network/httpd.c] function, which could be exploited to crash a vulnerable application or execute arbitrary code.

Credits

Vulnerabilities reported by Luigi Auriemma and Michal Luczaj.

ChangeLog

2007-12-26 : Initial release
2008-03-16 : Updated Affected Products

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Sun Solaris Tomcat JSP/Servlet Container Multiple Vulnerabilities
	Sun Java System Access Manager XSLT Code Execution Vulnerability
	Sun Solaris 10 Adobe Reader Multiple Code Execution Vulnerabilities
	Sun Solaris "snmpXdmid" Packet Handling Denial of Service Vulnerability
	Sun Solaris FreeType2 Library Multiple Memory Corruption Vulnerabilities
	Sun Java System Calendar Server Denial of Service Vulnerability
	Sun Solaris SMA SNMPv3 Authentication Bypass Vulnerability

	Cisco Wide Area Application Services CUPS Remote Vulnerability
	Cisco UCM Denial of Service and Authentication Bypass Vulnerabilities
	Cisco Intrusion Prevention System Jumbo Frame Vulnerability
	Cisco VPN Client Deterministic Network Enhancer Privilege Escalation
	Cisco Products SNMPv3 Authentication Packets Vulnerabilities
	Cisco PIX and ASA Security Bypass and Denial of Service
	Cisco IOS Secure Shell Remote Denial of Service

	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
	Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities