First published: Mon May 12 2008(Updated: )
Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
VLC for Mobile | =0.8.0 | |
VLC for Mobile | =0.8.5 | |
VLC for Mobile | =0.7.0 | |
VLC for Mobile | =0.4.6 | |
VLC for Mobile | =0.8.4 | |
VLC for Mobile | =0.8.6b | |
VLC for Mobile | =0.5.3 | |
VLC for Mobile | =0.6.0 | |
VLC for Mobile | =0.8.6c | |
VLC for Mobile | =0.7.1 | |
VLC for Mobile | =0.6.1 | |
VLC for Mobile | =0.6.2 | |
VLC for Mobile | =0.5.2 | |
VLC for Mobile | =0.5.1a | |
VLC for Mobile | =0.8.1 | |
VLC for Mobile | =0.8.6d | |
VLC for Mobile | =0.5.0 | |
VLC for Mobile | =0.8.6e | |
VLC for Mobile | =0.5.1 | |
VLC for Mobile | =0.7.2 | |
VLC for Mobile | <=0.8.6 | |
VLC for Mobile | =0.8.2 | |
VLC for Mobile | =0.8.4a | |
VLC for Mobile | =0.8.6a | |
VLC media player | <=0.8.6 | |
VLC media player | =0.4.6 | |
VLC media player | =0.5.0 | |
VLC media player | =0.5.1 | |
VLC media player | =0.5.1a | |
VLC media player | =0.5.2 | |
VLC media player | =0.5.3 | |
VLC media player | =0.6.0 | |
VLC media player | =0.6.1 | |
VLC media player | =0.6.2 | |
VLC media player | =0.7.0 | |
VLC media player | =0.7.1 | |
VLC media player | =0.7.2 | |
VLC media player | =0.8.0 | |
VLC media player | =0.8.1 | |
VLC media player | =0.8.2 | |
VLC media player | =0.8.4 | |
VLC media player | =0.8.4a | |
VLC media player | =0.8.5 | |
VLC media player | =0.8.6a | |
VLC media player | =0.8.6b | |
VLC media player | =0.8.6c | |
VLC media player | =0.8.6d | |
VLC media player | =0.8.6e |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2008-2147 is considered to be of medium severity due to the potential for arbitrary code execution.
To fix CVE-2008-2147, upgrade VLC to version 0.9.0 or later.
CVE-2008-2147 affects VLC versions prior to 0.9.0, including all 0.8.x and earlier versions.
CVE-2008-2147 cannot be exploited remotely as it requires local access to the vulnerable system.
Exploiting CVE-2008-2147 could lead to arbitrary code execution, allowing attackers to compromise the affected system.