Published: 16/01/2008 Updated: 29/09/2017

CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8

VMScore: 855

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and previous versions, allows user-assisted remote malicious users to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data.

Vulnerable Product	Search on Vulmon	Subscribe to Product
videolan vlc media player

Debian Bug report logs - #461544 vlc: CVE-2008-029[5,6] multiple vulnerabilities in embedded xine copy Package: vlc; Maintainer for vlc is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Source for vlc is src:vlc (PTS, buildd, popcon) Reported by: Nico Golde <nion@debianorg> Date: Sat, 19 Jan 200 ...

#!/usr/bin/python # # Kantaris 034 Media Player Local Buffer Overflow [0day!] # # The following exploit will make a filmssa file, # just rename the file with the name of your movie, and use your imagination # to pwn! :) # Shellcode is local bind shell, just telnet to port:4444 to get command prompt :) # # BIG thanks to muts <muts[at]offensi ...

CWE-119 http://aluigi.altervista.org/adv/vlcxhof-adv.txt http://www.securityfocus.com/bid/27221 http://secunia.com/advisories/28383 http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml http://secunia.com/advisories/29284 http://www.debian.org/security/2008/dsa-1543 http://secunia.com/advisories/29766 http://www.vupen.com/english/advisories/2008/0105 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14776 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=461544 https://nvd.nist.gov https://www.exploit-db.com/exploits/5498/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-0295

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect