CVE-2007-6262

Sažetak

A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," aka a "recursive plugin release vulnerability."

Reference

http://secunia.com/advisories/27878
http://securityreason.com/securityalert/3420
http://www.coresecurity.com/?action=item&id=2035
http://www.securityfocus.com/archive/1/484563/100/0/threaded
http://www.securityfocus.com/bid/26675
http://www.videolan.org/sa0703.html
http://www.vupen.com/english/advisories/2007/4061
https://exchange.xforce.ibmcloud.com/vulnerabilities/38816
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14280

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

15-10-2018 - 21:51

Objavljeno

06-12-2007 - 02:46