PT-2014-2078 · Videolan+1 · Vlc Media Player+1

Tixxdz

Publicado

2014-12-26

Atualizado

2014-12-29

CVE-2010-2062

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions VLC media player versions prior to 1.0.1 MPlayer versions prior to r29447

Description The issue is related to an integer underflow in the real get rdt chunk function, which can be exploited by remote attackers to execute arbitrary code. This is achieved by providing a crafted length value in an RDT chunk header.

Recommendations For VLC media player versions prior to 1.0.1, update to version 1.0.1 or later to resolve the issue. For MPlayer versions prior to r29447, update to version r29447 or later to resolve the issue. As a temporary workaround, consider restricting access to the real get rdt chunk function in the affected modules until a patch is available.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-189

Identificadores relacionados

CVE-2010-2062

DSA-2043-1

DSA-2044-1

Produtos afetados

Mplayer

Vlc Media Player

PT-2014-2078 · Videolan+1 · Vlc Media Player+1

CVE-2010-2062

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9