CVE Vulnerability

CVE-2007-6262

A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," aka a "recursive plugin release vulnerability."

6.8 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://www.coresecurity.com/?action=item&id=2035
http://www.videolan.org/sa0703.html
http://www.securityfocus.com/bid/26675 Exploit Patch
http://secunia.com/advisories/27878 Vendor Advisory
http://securityreason.com/securityalert/3420
http://www.vupen.com/english/advisories/2007/4061
https://exchange.xforce.ibmcloud.com/vulnerabilities/38816
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14280
http://www.securityfocus.com/archive/1/484563/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:videolan:vlc_media_player:0.8.6b:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.8.6a:*:*:*:*:*:*:*
Information

Published : 2007-12-06 02:46

Updated : 2018-10-15 09:51

NVD link : CVE-2007-6262

Mitre link : CVE-2007-6262

Products Affected
No products.
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer