CVE-2007-6683 — Argument Injection in VLC

6 documents, 6 sources

Severity: 5.0 MEDIUM (NVD)
EPSS: 0.9% (top 24.36%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Jan 17
Latest update: May 1

Description

The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) an EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability.

CVSS vector

AV:N/AC:L/C:N/I:P/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (2 packages)

[Debian] videolan/vlc_media_player < 0.8.6.c-4.1+3
[NVD] videolan/vlc 0.8.6d

🔴 Vulnerability Details (3)

[GHSA] GHSA-v5fx-4grc-7jmr: The browser plugin in VideoLAN VLC 0 (2022-05-01)
[CVEList] CVE-2007-6683: The browser plugin in VideoLAN VLC 0 (2008-01-17)
[OSV] CVE-2007-6683: The browser plugin in VideoLAN VLC 0 (2008-01-17)

💥 Exploits & PoCs (1)

[Exploit-DB] Microsoft Office 2007 - 'OGL.dll' ValidateBitmapInfo Bounds Check Failure (MS15-097) (2015-09-16)

📋 Vendor Advisories (1)

[Debian] CVE-2007-6683: vlc - The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite a... (2007)
CVE-2007-6683 — Argument Injection in Videolan VLC | cvebase