6.8

CVE-2008-3794

Exploit
Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VideolanVlc Media Player Version0.8.6i
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 11.04% 0.953
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://security.gentoo.org/glsa/glsa-200809-06.xml
http://mailman.videolan.org/pipermail/vlc-devel/2008-August/048488.html
http://securityreason.com/securityalert/4190
http://www.openwall.com/lists/oss-security/2008/08/24/3
http://www.orange-bat.com/adv/2008/adv.08.24.txt
Exploit
http://www.securityfocus.com/bid/30806
http://www.securitytracker.com/id?1020759
https://exchange.xforce.ibmcloud.com/vulnerabilities/44659
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14531
https://www.exploit-db.com/exploits/6293