News & Media
Become a member »
» AA-2007.0127 -- [Win][UNIX/Linux] -- Two vulnerabili...
AA-2007.0127 -- [Win][UNIX/Linux] -- Two vulnerabilities in VLC 0.8.6d allow arbitrary code execution
22 April 2007
Click here for printable version
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AA-2007.0127 AUSCERT Advisory [Win][UNIX/Linux] Two vulnerabilities in VLC 0.8.6d allow arbitrary code execution 22 April 2008 - --------------------------------------------------------------------------- AusCERT Advisory Summary ------------------------ Product: VLC Media Player 0.8.6d and prior Operating System: UNIX variants (UNIX, Linux, OSX) Windows Impact: Execute Arbitrary Code/Commands Access: Remote/Unauthenticated CVE Names: CVE-2007-6681 Member content until: Friday, January 25 2008 Revision History: April 22 2008: Added CVE December 28 2007: Initial Release OVERVIEW Two vulnerabilities have been discovered in the latest release of VLC (0.8.6d) media player. Both of these vulnerabilities allow a remote attacker to execute arbitrary code.  IMPACT A boundry error exists in the "ParseMicroDvd()", "ParseSSA()", and "ParseVplayer()" functions of VLC. This can be exploited using a specially crafted subtitles file to allow execution of arbitrary code. This is usually a file with the same name as the movie and a .ssa extention. These functions enable the reading of MicroDvd, SSA and Vplayer subtitle formats.  A second vulnerability exists in the VLC web interface. A malicious HTTP request can allow a remote attacker to execute arbitrary code. By default the web interface is not enabled. MITIGATION A fix has been added to the VLC SVN repository.  Nightly builds are available from http://nightlies.videolan.org.  Until a stable version is made available, you should consider disabling the web interface (if it has been enabled). You should also not open any untrusted video files you receive with VLC, especially if they come with a .ssa subtitle file. REFERENCES  VLC Media Player Multiple Vulnerabilities http://secunia.com/advisories/28233/  http://aluigi.altervista.org/adv/vlcboffs-adv.txt  VLC media player nightly builds http://nightlies.videolan.org AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: email@example.com Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBSA0c8yh9+71yA2DNAQJjVQQAkTMw5im2IRWx5/OojSlWbqet2n/IxOaJ SqL8Q7HqYgTSw/ockXABaoa4xtWiis/Vj42Q6POoL0+bvYg1w8TAGyltK0Ae/lXz C3rkQxCMXT6Fz/Mfxtxec4/MeNsYKigjhfPJ0myC371bZljl4cKISijmsCgJ+yTw FqItHoFWWU0= =aFqZ -----END PGP SIGNATURE-----
Comments? Click here