CVE-2007-6262

A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," aka a "recursive plugin release vulnerability."

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/27878	Vendor Advisory
http://securityreason.com/securityalert/3420
http://www.coresecurity.com/?action=item&id=2035
http://www.securityfocus.com/archive/1/484563/100/0/threaded
http://www.securityfocus.com/bid/26675	Exploit Patch
http://www.videolan.org/sa0703.html
http://www.vupen.com/english/advisories/2007/4061
https://exchange.xforce.ibmcloud.com/vulnerabilities/38816
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14280

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:videolan:vlc_media_player:0.8.6:::::::*
	cpe:2.3:a:videolan:vlc_media_player:0.8.6a:::::::*
	cpe:2.3:a:videolan:vlc_media_player:0.8.6b:::::::*

History

No history.

Information

Published : 2007-12-06 02:46

Updated : 2024-02-28 11:01

NVD link : CVE-2007-6262

Mitre link : CVE-2007-6262

CVE.ORG link : CVE-2007-6262

JSON object : View

Products Affected

videolan

vlc_media_player

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2007-6262", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-12-06T02:46:00.000", "references": [{"url": "http://secunia.com/advisories/27878", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/3420", "source": "cve@mitre.org"}, {"url": "http://www.coresecurity.com/?action=item&id=2035", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/484563/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/26675", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "http://www.videolan.org/sa0703.html", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/4061", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38816", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14280", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a \"bad initialized pointer,\" aka a \"recursive plugin release vulnerability.\""}, {"lang": "es", "value": "Cierto control ActiveX de axvlc.dll en VideoLAN VLC 0.8.6 anterior a 0.8.6d permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante argumentos manipulados a las funciones (1) addTarget, (2) getVariable, o (3) setVariable, resultando en un \"puntero mal inicializado\", tambi\u00e9n conocido como una \"vulnerabilidad recursiva de liberaci\u00f3n de extensi\u00f3n\"."}], "lastModified": "2018-10-15T21:51:25.123", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18B68706-5A1F-479F-8A38-F93D98481F9C"}, {"criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06BB94C4-9315-48FB-8859-425993D42973"}, {"criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97E4572E-337D-43F3-81AE-54E496F04E49"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}