CVE-2007-6262
VideoLAN VLC Media Player 0.86 < 0.86d - ActiveX Remote Bad Pointer Initialization
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," aka a "recursive plugin release vulnerability."
Cierto control ActiveX de axvlc.dll en VideoLAN VLC 0.8.6 anterior a 0.8.6d permite a atacantes remotos ejecutar código de su elección mediante argumentos manipulados a las funciones (1) addTarget, (2) getVariable, o (3) setVariable, resultando en un "puntero mal inicializado", también conocido como una "vulnerabilidad recursiva de liberación de extensión".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-12-04 First Exploit
- 2007-12-05 CVE Reserved
- 2007-12-06 CVE Published
- 2024-08-07 CVE Updated
- 2024-10-09 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://securityreason.com/securityalert/3420 | Third Party Advisory | |
| http://www.coresecurity.com/?action=item&id=2035 | X_refsource_misc | |
| http://www.securityfocus.com/archive/1/484563/100/0/threaded | Mailing List | |
| http://www.videolan.org/sa0703.html | X_refsource_confirm | |
| http://www.vupen.com/english/advisories/2007/4061 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/38816 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14280 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/4688 | 2007-12-04 | |
| http://www.securityfocus.com/bid/26675 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/27878 | 2018-10-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Videolan Search vendor "Videolan" | Vlc Media Player Search vendor "Videolan" for product "Vlc Media Player" | 0.8.6 Search vendor "Videolan" for product "Vlc Media Player" and version "0.8.6" | - |
Affected
| ||||||
| Videolan Search vendor "Videolan" | Vlc Media Player Search vendor "Videolan" for product "Vlc Media Player" | 0.8.6a Search vendor "Videolan" for product "Vlc Media Player" and version "0.8.6a" | - |
Affected
| ||||||
| Videolan Search vendor "Videolan" | Vlc Media Player Search vendor "Videolan" for product "Vlc Media Player" | 0.8.6b Search vendor "Videolan" for product "Vlc Media Player" and version "0.8.6b" | - |
Affected
| ||||||