CVE-2007-6262
Published 2007-12-06
Priority P338 · medium · 6.8 · CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 11.12% (95.4th percentile)
A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," aka a "recursive plugin release vulnerability."
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | vlc | — | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
CVSS provenance
nvd · v2.0 · 6.8 · MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_debian · 6.8 · LOW
GHSA
GHSA-crj9-mr7m-c86x: A certain ActiveX control in axvlc
ghsa_unreviewed·2022-05-01
CVE-2007-6262 [MEDIUM] CWE-119 GHSA-crj9-mr7m-c86x: A certain ActiveX control in axvlc
Debian
CVE-2007-6262: vlc - A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allow...
vendor_debian·2007·CVSS 6.8
CVE-2007-6262 [MEDIUM] CVE-2007-6262: vlc - A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allow...
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
References
http://secunia.com/advisories/27878
http://securityreason.com/securityalert/3420
http://www.coresecurity.com/?action=item&id=2035
http://www.securityfocus.com/archive/1/484563/100/0/threaded
http://www.securityfocus.com/bid/26675
http://www.videolan.org/sa0703.html
http://www.vupen.com/english/advisories/2007/4061
https://exchange.xforce.ibmcloud.com/vulnerabilities/38816
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14280