ID CVE-2008-5276
Summary Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:videolan:vlc_media_player:0.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:0.9.7:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:0.9.8:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 11-10-2018 - 20:54)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
Vector   Complexity  Authentication
NETWORK  MEDIUM      NONE
Impact
Confidentiality  Integrity  Availability
COMPLETE         COMPLETE   COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2012-11-19T04:00:19.704-05:00
class vulnerability
contributors
  • name Shane Shaffer
    organization G2, Inc.
definition_extensions
comment VLC media player is installed
oval oval:org.mitre.oval:def:11821
description Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.
family windows
id oval:org.mitre.oval:def:14793
status accepted
submitted 2012-01-24T15:20:33.178-04:00
title Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7
version 7
refmap via4
bid 32545
bugtraq 20081130 [TKADV2008-013] VLC media player RealMedia Processing Integer Overflow Vulnerability
confirm
gentoo GLSA-200812-24
misc http://www.trapkit.de/advisories/TKADV2008-013.txt
osvdb 50333
secunia
  • 32942
  • 33315
sreason 4680
vupen ADV-2008-3287
Last major update 11-10-2018 - 20:54
Published 03-12-2008 - 17:30
Last modified 11-10-2018 - 20:54