Published: 11/07/2018 Updated: 21/03/2019

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8 | Impact Score: 5.9 | Exploitability Score: 2.1

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.

Vulnerable Product	Search on Vulmon	Subscribe to Product
debian debian linux 9.0
videolan vlc media player

A use-after-free was discovered in the MP4 demuxer of the VLC media player, which could result in the execution of arbitrary code if a malformed media file is played For the stable distribution (stretch), this problem has been fixed in version 303-1-0+deb9u1 We recommend that you upgrade your vlc packages For the detailed security status of vl ...

VideoLAN VLC media player 22x before 303-1 is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files Failed exploit attempts will likely result in denial of service conditions ...

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit Rank = GreatRanking include Msf::Exploit::FILEFORMAT def initialize(info = {}) super(update_info(info, 'Name' => 'VLC Media Player MKV Use ...

This Metasploit module exploits a use-after-free vulnerability in VideoLAN VLC versions 228 and below The vulnerability exists in the parsing of MKV files and affects both 32 bits and 64 bits In order to exploit this, this module will generate two files: The first mkv file contains the main vulnerability and heap spray, the second mkv file is ...

VLC Media Player version 228 use-after-free arbitrary code execution proof of concept exploit ...

Full Disclosure mailing list archives   By Date By Thread </form>    VLC media player 228 Arbitrary Code Execution PoC   From: "Euge ...

LabCorp ransomed, 18k routers rooted, a new EXIF menace, and more

The Register • Shaun Nichols in San Francisco • 21 Jul 2018

Plus a new worry for enterprises over DNS flaws

Roundup This was the week of blunders by Venmo, million-dollar bank heists, and beefier bug bounties. Here's a few more bits of news. Any large-scale data breach is bad news, but one that results in the loss of the health information of a quarter of the population is downright disastrous. Such was the case in Singapore, where an estimated 1.5 million people (about 25 per cent of the population) had their records lifted from the health and information ministries' database. Any Singaporeans worrie...

CVE-2018-11529

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Mailing Lists

Recent Articles

References

Vulmon Search

About

Products

Connect