Signature Detail
Short Name |
HTTP:STC:DL:VLC-TY-BO |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
VideoLAN VLC Media Player TY Processing Buffer Overflow |
Release Date |
2010/10/15 |
Update Number |
1794 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: VideoLAN VLC Media Player TY Processing Buffer Overflow
This signature detects attempts to exploit a known vulnerability in the VideoLAN VLC Media Player. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server. In an unsuccessful attack, the VideoLAN VLC client application terminates unexpectedly.
Extended Description
VLC media player is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. VLC media player 0.9.0 up to and including 0.9.4 are vulnerable.
Affected Products
- VideoLAN VLC media player 0.9.0
- VideoLAN VLC media player 0.9.1
- VideoLAN VLC media player 0.9.2
- VideoLAN VLC media player 0.9.3
- VideoLAN VLC media player 0.9.4
References
- BugTraq: 31813
- CVE: CVE-2008-4654