VideoLAN VLC Media Player XSPF Memory Corruption
Severity: : Medium
CVE Kennungen: : CVE-2008-4558
Advisory Date: 21 de июля de 2015
DESCRIPTION
Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison.
INFORMATION EXPOSURE
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1002982
Trend Micro Deep Security DPI Rule Name: 1002982 - VideoLAN VLC Media Player XSPF Memory Corruption
AFFECTED SOFTWARE AND VERSION:
- videolan vlc_media_player 0.9.2