Skip to main content

VLC Media Player MMS and Real RTSP Vulnerabilities

Last Update Date: 20 Mar 2012 10:09 Release Date: 20 Mar 2012 5705 Views

RISK: Medium Risk

TYPE: Clients - Audio & Video

TYPE: Audio & Video

Multiple vulnerabilities have been reported in VLC Media Player, which can be exploited by malicious people to compromise a user's system.

  1. A boundary error within the "MMSOpen()" function (modules/access/mms/mmstu.c) in the MMS access plugin (libaccess_mms_plugin) can be exploited to cause a stack-based buffer overflow via a specially crafted MMS stream.
  2. Some errors within the realrtsp access plugin (libaccess_realrtsp_plugin) when handling Real rtsp streams can be exploited to cause heap-based buffer overflows.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.


Impact

  • Remote Code Execution

System / Technologies affected

  • Update to version 2.0.1.

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 2.0.1.

Vulnerability Identifier

  • No CVE information is available

Source


Related Link