Release DateDec 23, 2008 |
Severityhigh |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attack attempt against a format-string vulnerability in VideoLAN VLC HTTPD.The vulnerability is caused by an error when the vulnerable software handles a malicious "Connection" parameter. It allows a remote attacker to execute arbitrary code via sending a crafted web request. |
Affected ProductsVideoLAN VLC media player 0.8.6dVideoLAN VLC media player 0.8.6c VideoLAN VLC media player 0.8.6b VideoLAN VLC media player 0.8.6a |
Recommended ActionsUpgrade to the latest version, available from the vendor's web site:http://www.videolan.org/ |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2007-6682 |
Reference/shttp://milw0rm.com/exploits/5519http://www.securityfocus.com/bid/27015 (BugTraq) |
