Описание
A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," aka a "recursive plugin release vulnerability."
Ссылки
- Vendor Advisory
- ExploitPatch
- Vendor Advisory
- ExploitPatch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.8.6a:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.8.6b:*:*:*:*:*:*:*
EPSS
Процентиль: 95%
0.2128
Средний
6.8 Medium
CVSS2
Дефекты
CWE-119
Связанные уязвимости
debian
почти 18 лет назад
A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0. ...
github
больше 3 лет назад
A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," aka a "recursive plugin release vulnerability."
EPSS
Процентиль: 95%
0.2128
Средний
6.8 Medium
CVSS2
Дефекты
CWE-119