CVE-2011-1087
HIGH severity · CVSS 7.6 · Memory corruption
Summary
Buffer overflow in VideoLAN VLC media player 1.0.5 allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .mp3 file that is played during bookmark creation.
Impact & exploitability
Attack vector: Network
Attack complexity: High
Privileges required: —
User interaction: —
Confidentiality impact: —
Integrity impact: —
Availability impact: —
Exploit probability (EPSS): 8%
CVSS vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://secunia.com/advisories/38853 (Advisory)
- http://openwall.com/lists/oss-security/2011/03/02/3
- http://openwall.com/lists/oss-security/2011/03/03/8
- http://openwall.com/lists/oss-security/2011/03/03/9
- http://openwall.com/lists/oss-security/2011/03/28/7
- http://www.osvdb.org/62728
- http://www.securityfocus.com/bid/38569 (Exploit)
- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4931.php (Exploit)