[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

252588

 
 

909

 
 

196930

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-6683Date: (C)2008-01-16   (M)2023-12-22


The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
BID-28712
SECUNIA-29284
SECUNIA-29766
OSVDB-42205
OSVDB-42206
DSA-1543
GLSA-200803-13
http://mailman.videolan.org/pipermail/vlc-devel/2007-December/037726.html
https://trac.videolan.org/vlc/changeset/23197
https://trac.videolan.org/vlc/ticket/1371
oval:org.mitre.oval:def:14619

OVAL    1
oval:org.mitre.oval:def:7830

© SecPod Technologies