NASLDB: VLC Media Player < 1.0.1 real_get_rdt_chunk() Function Overflow
General
ID: 40466
Name: VLC Media Player < 1.0.1 real_get_rdt_chunk() Function Overflow
Summary: Checks version of VLC
Credits: –
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C
Port: –
Family: Windows
Type: Local
Description
The version of VLC media player installed on the remote host is
earlier than 1.0.1. Such versions contain an integer underflow
involving the integer ‘size’ in the ‘real_get_rdt_chunk_header()’
function that can be triggered when reading Real Data Transport (RDT)
chunk headers. The ‘size’ variable is used before the underflow to
allocate storage on the heap, and after the underflow to read an
excessive amount of data from the network via the ‘rtsp_read_data()’
function, resulting in a buffer overflow. If an attacker can trick a
user into opening a specially crafted RTSP stream with the affected
application, the attacker may be able to execute arbitrary code subject
to the user’s privileges.
Exploiting
Exploit Available: False
Exploitability Ease: No known exploits are available
Sources
CVE: –
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: 2009/07/27
Patch Release: 2009/07/28
Plugin Release: 2009/08/01
Plugin
Version: 1.6
Filename: vlc_1_0_1.nasl
Filesize: 3281 bytes
MD5 Hash: 38aa6d004d47f0461846215ec4592283
Identification: SMB/VLC/Version
Require Keys: SMB/VLC/Version
Dependencies: "vlc_installed.nasl"
Copyright: This script is Copyright © 2009-2011 Tenable Network Security, Inc.