ID CVE-2018-11529
Summary VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.
References
Vulnerable Configurations
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • cpe:2.3:a:videolan:vlc_media_player:2.2.8
    cpe:2.3:a:videolan:vlc_media_player:2.2.8
CVSS
Base: 6.8
Impact:
Exploitability:
CWE CWE-416
CAPEC
exploit-db via4
description VLC Media Player - MKV Use-After-Free (Metasploit). CVE-2018-11529. Local exploit for Windows platform. Tags: Metasploit Framework (MSF), Local
file exploits/windows/local/45626.rb
id EDB-ID:45626
last seen 2018-11-27
modified 2018-10-16
platform windows
port
published 2018-10-16
reporter Exploit-DB
source https://old.exploit-db.com/download/45626/
title VLC Media Player - MKV Use-After-Free (Metasploit)
type local
metasploit via4
description This module exploits a use after free vulnerability in VideoLAN VLC <= 2.2.8. The vulnerability exists in the parsing of MKV files and affects both 32-bit and 64-bit. In order to exploit this, this module will generate two files: the first .mkv file contains the main vulnerability and heap spray; the second .mkv file is required in order to take the vulnerable code path and should be placed under the same directory as the .mkv file. This module has been tested against VLC v2.2.8. Tested with payloads windows/exec, windows/x64/exec, windows/shell/reverse_tcp, windows/x64/shell/reverse_tcp. Meterpreter payloads, if used, can cause the application to crash instead.
id MSF:EXPLOIT/WINDOWS/FILEFORMAT/VLC_MKV
last seen 2018-10-23
modified 2018-10-10
published 2018-07-18
reliability Great
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/vlc_mkv.rb
title VLC Media Player MKV Use After Free
nessus via4
  • NASL family Windows
    NASL id VLC_2_2_8.NASL
    description The version of VLC media player installed on the remote host is equal to or prior to 2.2.8. It is, therefore, affected by a use-after-free vulnerability. An attacker could leverage this vulnerability to cause a denial of service or potentially execute arbitrary code.
    last seen 2018-10-12
    modified 2018-10-11
    plugin id 112216
    published 2018-08-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112216
    title VLC Media Player <= 2.2.8 Use-After-Free RCE
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4251.NASL
    description A use-after-free was discovered in the MP4 demuxer of the VLC media player, which could result in the execution of arbitrary code if a malformed media file is played.
    last seen 2018-11-14
    modified 2018-11-13
    plugin id 111174
    published 2018-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111174
    title Debian DSA-4251-1 : vlc - security update
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_DC57AD48ECBB439BA4D05869BE47684E.NASL
    description Mitre reports: VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.
    last seen 2018-11-24
    modified 2018-11-23
    plugin id 111224
    published 2018-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111224
    title FreeBSD : vlc -- Use after free vulnerability (dc57ad48-ecbb-439b-a4d0-5869be47684e)
packetstorm via4
refmap via4
debian DSA-4251
fulldisc 20180710 VLC media player 2.2.8 Arbitrary Code Execution PoC
sectrack 1041311
Last major update 11-07-2018 - 12:29
Published 11-07-2018 - 12:29
Last modified 18-10-2018 - 06:29