|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200701-24] VLC media player: Format string vulnerability Vulnerability Scan
Vulnerability Scan Summary VLC media player: Format string vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200701-24
(VLC media player: Format string vulnerability)
Kevin Finisterre has discovered that when handling media locations,
various functions throughout VLC media player make improper use of
format strings.
Impact
A possible hacker could entice a user to open a specially crafted media
location or M3U file with VLC media player, and execute arbitrary code
on the system with the rights of the user running VLC media player.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0017
Solution:
All VLC media player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/vlc-0.8.6-r1"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|