VRDA Feed : Provides information for vulnerability impact analysis

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-3124

vlc_media_player: Untrusted search path vulnerability in bin/winvlc.c...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3124

Original

Untrusted search path vulnerability in bin/winvlc.c in VLC Media Player 1.1.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .mp3 file.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-08-26

Source Information Category:

Advisory, Alert

Last Updated:

2010-08-26

Affected Product Tags

cpe:/a:videolan:vlc_media_player:0.1.99b

cpe:/a:videolan:vlc_media_player:0.1.99e

cpe:/a:videolan:vlc_media_player:0.1.99f

cpe:/a:videolan:vlc_media_player:0.1.99g

cpe:/a:videolan:vlc_media_player:0.1.99h

cpe:/a:videolan:vlc_media_player:0.1.99i

cpe:/a:videolan:vlc_media_player:0.2.0

cpe:/a:videolan:vlc_media_player:0.2.60

cpe:/a:videolan:vlc_media_player:0.2.61

cpe:/a:videolan:vlc_media_player:0.2.62

cpe:/a:videolan:vlc_media_player:0.2.63

cpe:/a:videolan:vlc_media_player:0.2.70

cpe:/a:videolan:vlc_media_player:0.2.71

cpe:/a:videolan:vlc_media_player:0.2.72

cpe:/a:videolan:vlc_media_player:0.2.73

cpe:/a:videolan:vlc_media_player:0.2.80

cpe:/a:videolan:vlc_media_player:0.2.81

cpe:/a:videolan:vlc_media_player:0.2.82

cpe:/a:videolan:vlc_media_player:0.2.83

cpe:/a:videolan:vlc_media_player:0.2.90

cpe:/a:videolan:vlc_media_player:0.2.91

cpe:/a:videolan:vlc_media_player:0.2.92

cpe:/a:videolan:vlc_media_player:0.3.0

cpe:/a:videolan:vlc_media_player:0.3.1

cpe:/a:videolan:vlc_media_player:0.4.0

cpe:/a:videolan:vlc_media_player:0.4.1

cpe:/a:videolan:vlc_media_player:0.4.2

cpe:/a:videolan:vlc_media_player:0.4.3

cpe:/a:videolan:vlc_media_player:0.4.4

cpe:/a:videolan:vlc_media_player:0.4.5

cpe:/a:videolan:vlc_media_player:0.4.6

cpe:/a:videolan:vlc_media_player:0.5.0

cpe:/a:videolan:vlc_media_player:0.5.1

cpe:/a:videolan:vlc_media_player:0.5.2

cpe:/a:videolan:vlc_media_player:0.5.3

cpe:/a:videolan:vlc_media_player:0.6.0

cpe:/a:videolan:vlc_media_player:0.6.1

cpe:/a:videolan:vlc_media_player:0.6.2

cpe:/a:videolan:vlc_media_player:0.7.0

cpe:/a:videolan:vlc_media_player:0.7.2

cpe:/a:videolan:vlc_media_player:0.8.0

cpe:/a:videolan:vlc_media_player:0.8.1

cpe:/a:videolan:vlc_media_player:0.8.2

cpe:/a:videolan:vlc_media_player:0.8.4

cpe:/a:videolan:vlc_media_player:0.8.5

cpe:/a:videolan:vlc_media_player:0.8.6

cpe:/a:videolan:vlc_media_player:0.9.10

cpe:/a:videolan:vlc_media_player:0.9.2

cpe:/a:videolan:vlc_media_player:0.9.3

cpe:/a:videolan:vlc_media_player:0.9.4

cpe:/a:videolan:vlc_media_player:0.9.5

cpe:/a:videolan:vlc_media_player:0.9.6

cpe:/a:videolan:vlc_media_player:0.9.8a

cpe:/a:videolan:vlc_media_player:0.9.9

cpe:/a:videolan:vlc_media_player:1.0.0

cpe:/a:videolan:vlc_media_player:1.0.1

cpe:/a:videolan:vlc_media_player:1.0.2

cpe:/a:videolan:vlc_media_player:1.0.3

cpe:/a:videolan:vlc_media_player:1.0.4

cpe:/a:videolan:vlc_media_player:1.0.5

cpe:/a:videolan:vlc_media_player:1.0.6

cpe:/a:videolan:vlc_media_player:1.1.0

cpe:/a:videolan:vlc_media_player:1.1.1

cpe:/a:videolan:vlc_media_player:1.1.2

cpe:/a:videolan:vlc_media_player:1.1.3 and previous versions

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

CONFIRM http://git.videolan.org/?p=vlc/vlc-1.1.git;a=blobdiff;f=bin/winvlc.c;h=ac9b97ca9f5f9ba001f13bf61eb5127a1c1dbcbf;hp=2d09cba320e3b0def7069ce1ebab25d1340161c5;hb=43a31df56c37bd62c691cdbe3c1f11babd164b56;hpb=2d366da738b19f8d761d7084746c6db6f52808c6

EXPLOIT-DB 14750

MLIST [oss-security] 20100825 CVE request: VLC media player - DLL preloading vulnerability

MLIST [oss-security] 20100825 Re: CVE request: VLC media player - DLL preloading vulnerability

SECUNIA 41107

VUPEN ADV-2010-2172

Vulnerability Type Other (NVD-CWE-Other)