First published: Thu Jan 21 2010(Updated: )
Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows user-assisted remote attackers to execute arbitrary code via an ogg file with a crafted Advanced SubStation Alpha Subtitle (.ass) file, probably involving the Dialogue field.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
VideoLAN VLC media player | =0.8.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2010-0364 is rated as a high severity vulnerability due to its potential for allowing remote code execution.
To fix CVE-2010-0364, it is recommended to upgrade to a patched version of VLC Media Player, specifically versions later than 0.8.6.
CVE-2010-0364 involves .ogg files that contain crafted Advanced SubStation Alpha Subtitle (.ass) files.
Users of VideoLAN VLC Media Player version 0.8.6 are affected by CVE-2010-0364.
Exploitation of CVE-2010-0364 typically requires user interaction to open the maliciously crafted media file.