1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: VLC Media Player CVE-2010-3275

Web Attack: VLC Media Player CVE-2010-3275

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a remote buffer overflow vulnerability in VLC Media Player.

Additional Information

VLC is a cross-platform media player.

VLC media player is prone to stack-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data. These issues may be triggered when the vulnerable application opens malformed '.AMV' or '.NSV' files.

Attackers can exploit these issues to execute arbitrary code in the context of the affected application or crash the application, denying service to legitimate users.

Affected

  • Versions prior to VLC media player 1.1.8 are vulnerable.

Response

Please upgrade to VLC Media Player version 1.1.8 or later.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube