CVE-2007-6682
published 2008-01-17

Priority: P357 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 15.14% (96.3th percentile)

Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter.

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | vlc | < vlc 0.8.6.c-4.1 (bookworm) | vlc 0.8.6.c-4.1 (bookworm) |
| videolan | vlc | <= 0.8.6d | |
| videolan | vlc_media_player | >= 0 < 0.8.6.c-4.1 | 0.8.6.c-4.1 |
| videolan | vlc_media_player | >= 0 < 0.8.6.c-4.1 | 0.8.6.c-4.1 |
| videolan | vlc_media_player | >= 0 < 0.8.6.c-4.1 | 0.8.6.c-4.1 |
| videolan | vlc_media_player | >= 0 < 0.8.6.c-4.1 | 0.8.6.c-4.1 |

Detection & IOCs (extracted from sources)

path: network/httpd.c
version: VLC 0.8.6d
  • The vulnerability is triggered via format string specifiers placed in the HTTP 'Connection:' header, sent to VLC's built-in HTTP server. Inspect HTTP requests to VLC's HTTP interface for format string tokens (e.g., %n, %x, %s) in the Connection header.
  • The vulnerable function is httpd_FileCallBack in network/httpd.c. Monitor for crashes or anomalous behaviour in VLC's HTTP server thread (httpd_HostThread) as exploitation occurs within a thread context.
  • The public exploit uses an EBP-chaining technique to achieve code execution from a thread stack. The shellcode is a BSD x86 reverse shell connecting back to LPORT=4321; monitor for unexpected outbound connections on port 4321 from VLC processes.
  • Debian marks the scope of this CVE as 'local', which may affect detection priority in network-only monitoring configurations, though the vulnerability is remotely exploitable via VLC's HTTP interface.
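
The Connection header check from the first bullet, as an added example (not code from the advisory, the public exploit or VLC): it extracts every Connection header from a raw request, including folded continuation lines, and reports printf conversion specifiers. The sample requests and the host name vlc.example are constructed.

```python
import re

# printf conversion specification; "%%" is matched first so a literal
# percent sign is consumed and never reported as a specifier.
SPEC = re.compile(
    r"%%|(%(?:\d+\$)?[-+ #0']*(?:\d+|\*)?(?:\.(?:\d+|\*))?"
    r"(?:hh|h|ll|l|L|j|z|t)?[diouxXeEfFgGaAcspn])"
)

def connection_values(raw: bytes) -> list[str]:
    """Return every Connection header value in a raw HTTP request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = []
    for line in head.split("\r\n")[1:]:              # skip the request line
        if line[:1] in (" ", "\t") and headers:      # folded continuation line
            headers[-1][1] += " " + line.strip()
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append([name.strip().lower(), value.strip()])
    return [value for name, value in headers if name == "connection"]

def scan_request(raw: bytes) -> dict:
    """Report format specifiers found in the Connection header."""
    found = [m.group(1) for v in connection_values(raw)
             for m in SPEC.finditer(v) if m.group(1)]
    return {
        "specifiers": found,
        "write_capable": any(s.endswith("n") for s in found),  # %n family
        "suspicious": bool(found),
    }

# Constructed sample requests (not captured traffic).
BENIGN = b"GET / HTTP/1.1\r\nHost: vlc.example\r\nConnection: keep-alive\r\n\r\n"
LITERAL = b"GET / HTTP/1.1\r\nHost: vlc.example\r\nConnection: 100%%\r\n\r\n"
FLAGGED = (b"GET / HTTP/1.1\r\nHost: vlc.example\r\n"
           b"connection: %08x.%08x\r\n\t%5$hn\r\n\r\n")

if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("literal", LITERAL),
                       ("flagged", FLAGGED)):
        print(label, scan_request(req))
```

Legitimate Connection values such as keep-alive, close or Upgrade contain no percent sign, so any hit from this check is worth triaging.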

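CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | MEDIUM | |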