Severity: : Critical
  CVE Kennungen: : CVE-2008-5276
  Advisory Date: 21 lipca 2015

  DESCRIPTION

Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.

  INFORMATION EXPOSURE

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1003201
  Trend Micro Deep Security DPI Rule Name: 1003201 - VideoLAN VLC real.c ReadRealIndex Real Demuxer Integer Overflow

  AFFECTED SOFTWARE AND VERSION:

  • videolan vlc_media_player 0.9.0
  • videolan vlc_media_player 0.9.1
  • videolan vlc_media_player 0.9.2
  • videolan vlc_media_player 0.9.3
  • videolan vlc_media_player 0.9.4
  • videolan vlc_media_player 0.9.5
  • videolan vlc_media_player 0.9.6
  • videolan vlc_media_player 0.9.7
  • videolan vlc_media_player 0.9.8