CVE-2008-5276

Sažetak

Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.

Reference

http://www.trapkit.de/advisories/TKADV2008-013.txt
http://www.videolan.org/security/sa0811.html
http://www.securityfocus.com/bid/32545
http://secunia.com/advisories/32942
http://www.osvdb.org/50333
http://security.gentoo.org/glsa/glsa-200812-24.xml
http://secunia.com/advisories/33315
http://securityreason.com/securityalert/4680
http://www.vupen.com/english/advisories/2008/3287
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14793
http://www.securityfocus.com/archive/1/498768/100/0/threaded
http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=d19de4e9f2211cbe5bde00726b66c47a424f4e07

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

07-11-2023 - 02:03

Objavljeno

03-12-2008 - 17:30