CVE-2008-3794 - Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Med

CVE-2008-3794

Summary

Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow.

References

Vulnerable Configurations

cpe:2.3:a:videolan:vlc_media_player:0.8.6i:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.8.6i:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 29-09-2017 - 01:31)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

oval via4

accepted

2012-11-19T04:00:12.690-05:00

class

vulnerability

contributors

name Shane Shaffer
organization G2, Inc.
name Shane Shaffer
organization G2, Inc.

definition_extensions

comment	VLC media player is installed
oval	oval:org.mitre.oval:def:11821

description

family

windows

oval:org.mitre.oval:def:14531

status

accepted

submitted

2012-01-24T15:20:33.178-04:00

title

Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i

version

refmap via4

bid	30806
exploit-db	6293
gentoo	GLSA-200809-06
misc	http://www.orange-bat.com/adv/2008/adv.08.24.txt
mlist	[oss-security] 20080824 Re: CVE id request: vlc [vlc-devel] 20080824 commit: MMS integers handling fixes, including buffer overflow ( Rémi Denis-Courmont )
sectrack	1020759
sreason	4190
xf	vlcmediaplayer-memmove-bo(44659)

Last major update

29-09-2017 - 01:31

Published

26-08-2008 - 15:41

Last modified

29-09-2017 - 01:31