Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2007-6681

Published: 17/01/2008 Updated: 29/09/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Videolan

Vulnerability Summary

Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote malicious users to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

videolan vlc

Vendor Advisories

Debian CVElist Bug Report Logs: vlc: CVE-2008-1881 stack-based buffer overflow in subtitle parsing
Debian Bug report logs - #477805 vlc: CVE-2008-1881 stack-based buffer overflow in subtitle parsing Package: vlc; Maintainer for vlc is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Source for vlc is src:vlc (PTS, buildd, popcon) Reported by: Nico Golde <nion@debianorg> Date: Fri, 25 Apr 2008 1 ...

Exploits

Exploit DB: vlc-doubleshell.txt
VLC version 086d double shell universal exploit that binds a shell to port 4444 ...
Exploit DB: Kantaris 0.3.4 - SSA Subtitle Local Buffer Overflow
#!/usr/bin/python # # Kantaris 034 Media Player Local Buffer Overflow [0day!] # # The following exploit will make a filmssa file, # just rename the file with the name of your movie, and use your imagination # to pwn! :) # Shellcode is local bind shell, just telnet to port:4444 to get command prompt :) # # BIG thanks to muts <muts[at]offensi ...

References

CWE-119http://www.securityfocus.com/archive/1/485488/30/0/threadedhttp://mailman.videolan.org/pipermail/vlc-devel/2007-June/032672.htmlhttp://mailman.videolan.org/pipermail/vlc-devel/2007-June/033394.htmlhttp://www.securityfocus.com/bid/27015http://www.gentoo.org/security/en/glsa/glsa-200803-13.xmlhttp://secunia.com/advisories/29284http://www.debian.org/security/2008/dsa-1543http://secunia.com/advisories/29766http://securityreason.com/securityalert/3550http://security.gentoo.org/glsa/glsa-200804-25.xmlhttp://wiki.videolan.org/Changelog/0.8.6fhttp://www.videolan.org/security/sa0801.phphttp://secunia.com/advisories/29800http://osvdb.org/42207http://secunia.com/advisories/28233http://aluigi.altervista.org/adv/vlcboffs-adv.txthttps://www.exploit-db.com/exploits/5667https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14334https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477805https://nvd.nist.govhttps://www.exploit-db.com/exploits/5498/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-29895injectCVE-2023-52689CVE-2024-5049CVE-2024-5051privilege escalationphysicalCVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook