Credit:
The information has been provided by Ricardo Narvaja (Ricnar).
Vulnerable Systems:
* VLC media player 0.8.6 to 0.8.6c
Workaround:
Users may use VLC media player's Mozilla plugin for Mozilla Firefox or Seamonkey, which are not affected by this issue and provide the same feature set.
Otherwise, websites from untrusted sources should not be opened.
Details:
VLC media player's ActiveX plugin is prone to a recursive plugin release vulnerability when used within specially crafted websites.
Vendor Status:
VideoLAN has issued an update for this vulnerability.
Patch Availability:
http://www.videolan.org/security/sa0703.html
CVE Information:
CVE-2007-6262
Disclosure Timeline:
* 3 December 2007: Core Security advisory published
* 30 November 2007: VLC 0.8.6d bugfix release; binaries for MS Windows
* 17 November 2007: Source code fixes for VLC 0.8.6c and development tree
* 29 October 2007: Bug reported by Ricardo Narvaja
Damien Fouilleul, Felix Paul Kühne,
on behalf of the VideoLAN project