PT-2008-2587 · Videolan+1 · Vlc Media Player+1

Anibal Sacco

Publicado

2008-02-26

Atualizado

2018-10-15

CVE-2008-0984

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions VLC media player versions 0.8.6d and earlier Miro Player versions 1.1 and earlier

Description The issue allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file. This is related to the MP4 demuxer (mp4.c) in VLC media player when used in Miro Player.

Recommendations For VLC media player versions 0.8.6d and earlier, update to a version later than 0.8.6d to resolve the issue. For Miro Player versions 1.1 and earlier, update to a version later than 1.1 to resolve the issue. As a temporary workaround, consider avoiding the use of the MP4 demuxer (mp4.c) in VLC media player until a patch is available.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-399

Identificadores relacionados

CVE-2008-0984

DSA-1543-1

DTSA-116-1

Produtos afetados

Miro Player

Vlc Media Player

PT-2008-2587 · Videolan+1 · Vlc Media Player+1

CVE-2008-0984

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 20