| Short Name | HTTP:STC:DL:VLC-FORMAT-STRING |
|---|---|
| Severity | Medium |
| Recommended | No |
| Recommended Action | Drop |
| Category | HTTP |
| Keywords | VideoLan VLC Media Player Remote Format String |
| Release Date | 2012/12/17 |
| Update Number | 2211 |
| Supported Platforms | idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |

This signature detects attempts to exploit a known vulnerability in VideoLan VLC Media Player. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the application.
VLC media player is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the application and to compromise affected computers. VLC media player version 0.8.6 is vulnerable; other versions may also be affected.