CVE-2007-6262 – VideoLAN VLC Media Player 0.86 < 0.86d - ActiveX Remote Bad Pointer Initialization
https://notcve.org/view.php?id=CVE-2007-6262
A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," aka a "recursive plugin release vulnerability." Cierto control ActiveX de axvlc.dll en VideoLAN VLC 0.8.6 anterior a 0.8.6d permite a atacantes remotos ejecutar código de su elección mediante argumentos manipulados a las funciones (1) addTarget, (2) getVariable, o (3) setVariable, resultando en un "puntero mal inicializado", también conocido como una "vulnerabilidad recursiva de liberación de extensión". • https://www.exploit-db.com/exploits/4688 http://secunia.com/advisories/27878 http://securityreason.com/securityalert/3420 http://www.coresecurity.com/?action=item&id=2035 http://www.securityfocus.com/archive/1/484563/100/0/threaded http://www.securityfocus.com/bid/26675 http://www.videolan.org/sa0703.html http://www.vupen.com/english/advisories/2007/4061 https://exchange.xforce.ibmcloud.com/vulnerabilities/38816 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mi • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-3467
https://notcve.org/view.php?id=CVE-2007-3467
Integer overflow in the __status_Update function in stats.c VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a WAV file with a large sample rate. Desbordamiento de entero en la función the __status_Update en stats.c de VideoLAN VLC Media Player anterior a 0.8.6c permite a atacantes remotos provocar una denegación de servicio (caída) mediante un fichero WAV con una tasa de muestreo grande. • http://osvdb.org/42189 http://secunia.com/advisories/25980 http://www.debian.org/security/2007/dsa-1332 http://www.isecpartners.com/advisories/2007-001-vlc.txt http://www.securityfocus.com/archive/1/471933/100/0/threaded https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14863 •
CVE-2007-3468
https://notcve.org/view.php?id=CVE-2007-3468
input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a crafted WAV file that causes an uninitialized i_nb_resamplers variable to be used. input.c en VideoLAN VLC Media Player anterior a 0.8.6c permite a atacantes remotos provocar una denegación de servicio (caída) mediante un fichero WAV artesanal que provoca que una variable i_nb_resamplers no inicializada sea usada. • http://osvdb.org/38992 http://secunia.com/advisories/25980 http://www.debian.org/security/2007/dsa-1332 http://www.isecpartners.com/advisories/2007-001-vlc.txt http://www.securityfocus.com/archive/1/471933/100/0/threaded https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14744 •
CVE-2007-3316
https://notcve.org/view.php?id=CVE-2007-3316
Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for a CD Digital Audio (CDDA) file, or (4) Service Announce Protocol (SAP) multicast packets. Múltiples vulnerabilidades de formato de cadena en las extensiones del VideoLAN VLC Media Player anterior al 0.8.6c permiten a atacantes remotos provocar una denegación de servicio (caída) o ejecutar código de su elección a través de especificadores de formato de cadena en el fichero (1) Ogg/Vorbis, (2) Ogg/Theora (3) la entrada CDDB para un fichero CD Digital Audio (CDDA) o (4) paquetes de envío múltiple (multicast) Service Announce Protocol (SAP). • http://osvdb.org/37379 http://osvdb.org/37380 http://osvdb.org/37381 http://osvdb.org/37382 http://secunia.com/advisories/25753 http://secunia.com/advisories/25980 http://secunia.com/advisories/26269 http://security.gentoo.org/glsa/glsa-200707-12.xml http://www.debian.org/security/2007/dsa-1332 http://www.isecpartners.com/advisories/2007-001-vlc.txt http://www.kb.cert.org/vuls/id/200928 http://www.securityfocus.com/archive/1/471933/100/0/threaded htt •
CVE-2007-0256 – VideoLAN VLC Media Player 0.8.6a - Denial of Service
https://notcve.org/view.php?id=CVE-2007-0256
VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file. VideoLAN VLC 0.8.6a permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) mediante un fichero .wmv manipulado. • https://www.exploit-db.com/exploits/3119 https://www.exploit-db.com/exploits/29443 http://downloads.securityfocus.com/vulnerabilities/exploits/22003.py http://osvdb.org/39022 http://wiki.videolan.org/Changelog/0.8.6b http://www.securityfocus.com/bid/22003 https://exchange.xforce.ibmcloud.com/vulnerabilities/31515 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14698 •