Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-6262: Improper Restriction of Operations within the Bounds of a Memory Buffer in VLC Media Player

Severity: 6.8 MEDIUM (NVD)
EPSS: 22.8% (top 4.11%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Dec 6
Latest update: May 1

Description

A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," aka a "recursive plugin release vulnerability."

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (1 package)

NVD: videolan/vlc_media_player 0.8.6, 0.8.6a, 0.8.6b, +2

Patches

🔴 Vulnerability Details (2)

GHSA (2022-05-01): GHSA-crj9-mr7m-c86x: A certain ActiveX control in axvlc
CVEList (2007-12-06): CVE-2007-6262: A certain ActiveX control in axvlc

💥 Exploits & PoCs (1)

Exploit-DB (2007-12-04): VideoLAN VLC Media Player 0.86 < 0.86d - ActiveX Remote Bad Pointer Initialization

📋 Vendor Advisories (1)

Debian (2007): CVE-2007-6262: vlc - A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allow...
CVE-2007-6262 — Videolan VLC Media Player vulnerability | cvebase