Juniper Networks

Signature Detail

Short Name: HTTP:STC:STREAM:VLC-REALINDEX
Severity: High
Recommended: No
Recommended Action: Drop
Category: HTTP
Keywords: VideoLAN VLC real.c ReadRealIndex Real Demuxer Integer Overflow
Release Date: 2010/10/19
Update Number: 1794
Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: VideoLAN VLC real.c ReadRealIndex Real Demuxer Integer Overflow


This signature detects attempts to exploit a known flaw in VideoLAN VLC Media Player. The flaw is caused by an integer overflow when playing a specially crafted RealMedia (.rm) file. An unauthenticated remote attacker could exploit this vulnerability by enticing a user to play such a file. Successful exploitation would cause a heap buffer overflow, allowing the attacker to execute arbitrary code with the privileges of the currently logged-on user. If code injection is not successful, the VideoLAN VLC client application will terminate unexpectedly. In a more sophisticated attack scenario where code injection is successful, the behaviour of the target host depends entirely on the intended function of the injected code, which would execute within the security context of the current user. The affected application would also most likely stop functioning as a result of such an attack.

Extended Description

VLC media player is prone to a heap buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. This issue affects VLC 0.9.0 through 0.9.6.

Affected Products

  • Gentoo Linux
  • VideoLAN VLC media player 0.9.0
  • VideoLAN VLC media player 0.9.1
  • VideoLAN VLC media player 0.9.2
  • VideoLAN VLC media player 0.9.3
  • VideoLAN VLC media player 0.9.4
  • VideoLAN VLC media player 0.9.5
  • VideoLAN VLC media player 0.9.6

References

  • BugTraq: 32545
  • CVE: CVE-2008-5276

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.