ID CVE-2018-11529
Summary VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.
References
Vulnerable Configurations
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • cpe:2.3:a:videolan:vlc_media_player:2.2.8
    cpe:2.3:a:videolan:vlc_media_player:2.2.8
CVSS
Base: 6.8
Impact:
Exploitability:
CWE CWE-416
CAPEC
nessus via4
  • NASL family Windows
    NASL id VLC_2_2_8.NASL
    description The version of VLC media player installed on the remote host is equal to or prior to 2.2.8. It is, therefore, affected by a use-after-free vulnerability. An attacker could leverage this vulnerability to cause a denial of service or potentially execute arbitrary code.
    last seen 2018-09-19
    modified 2018-09-17
    plugin id 112216
    published 2018-08-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112216
    title VLC Media Player <= 2.2.8 Use-After-Free RCE
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_DC57AD48ECBB439BA4D05869BE47684E.NASL
    description Mitre reports: VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.
    last seen 2018-09-14
    modified 2018-09-12
    plugin id 111224
    published 2018-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111224
    title FreeBSD : vlc -- Use after free vulnerability (dc57ad48-ecbb-439b-a4d0-5869be47684e)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4251.NASL
    description A use-after-free was discovered in the MP4 demuxer of the VLC media player, which could result in the execution of arbitrary code if a malformed media file is played.
    last seen 2018-09-14
    modified 2018-09-12
    plugin id 111174
    published 2018-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111174
    title Debian DSA-4251-1 : vlc - security update
packetstorm via4
data source https://packetstormsecurity.com/files/download/148471/vlc228-exec.txt
id PACKETSTORM:148471
last seen 2018-07-11
published 2018-07-10
reporter Eugene NG
source https://packetstormsecurity.com/files/148471/VLC-Media-Player-2.2.8-Arbitrary-Code-Execution.html
title VLC Media Player 2.2.8 Arbitrary Code Execution
refmap via4
debian DSA-4251
fulldisc 20180710 VLC media player 2.2.8 Arbitrary Code Execution PoC
sectrack 1041311
Last major update 11-07-2018 - 12:29
Published 11-07-2018 - 12:29
Last modified 11-09-2018 - 11:05