CVE-2008-0984

Published: 26/02/2008 Updated: 15/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

The MP4 demuxer (mp4.c) in VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file.

Vulnerable Product

miro miro player

videolan vlc media player

Vendor Advisories

Debian Bug report logs - #472635: vlc CVE-2008-1489: integer overflow leading to heap overflow. Package: vlc; Maintainer for vlc is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Source for vlc is src:vlc (PTS, buildd, popcon). Reported by: Nico Golde <nion@debian.org>. Date: Tue, 25 Mar 2008 13:27:0 ...

Debian Bug report logs - #467652: vlc: CVE-2008-0984 arbitrary code execution via crafted mp4 file. Package: vlc; Maintainer for vlc is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Source for vlc is src:vlc (PTS, buildd, popcon). Reported by: Axel Beckert <beckert@phys.ethz.ch>. Date: Tue, 26 Feb 2 ...

Exploits

#!/usr/bin/python # # Kantaris 034 Media Player Local Buffer Overflow [0day!] # # The following exploit will make a filmssa file, # just rename the file with the name of your movie, and use your imagination # to pwn! :) # Shellcode is local bind shell, just telnet to port:4444 to get command prompt :) # # BIG thanks to muts <muts[at]offensi ...
Core Security Technologies Advisory - The VideoLAN (VLC) media player package is vulnerable to an arbitrary memory corruption vulnerability, which can be exploited by malicious remote attackers to compromise a user's system. VLC versions 0.8.6d and below and Miro Player versions 1.1 and below are vulnerable. Proof of concept code included ...